A security operations center (SOC) analyst is investigating an alert from a Security Information and Event Management (SIEM) system. The alert shows a high volume of failed login attempts originating from hundreds of different IP addresses. The attempts are targeting many different user accounts, but each source IP is only trying one or two common passwords against each account. Which type of attack is MOST likely occurring?
This scenario describes a password spraying attack. Key indicators are the use of many source IP addresses to evade IP-based blocking, targeting a large number of user accounts, and using a small list of common passwords. This 'low-and-slow' method helps attackers avoid individual account lockouts. A traditional brute-force attack is less likely as it typically targets a single account with many different passwords from one or a few sources. A Denial-of-Service (DoS) attack aims to exhaust resources to make a service unavailable, not to gain access through login attempts. A phishing campaign is a social engineering technique used to trick users into revealing credentials, which is a separate activity that might precede an attack like this.