PASSWORD SPRAY ATTACK 

Password spraying is an attack that attempts to access many accounts (usernames) with a few commonly used passwords. Traditional brute-force attacks attempt to gain unauthorized access to a single account by guessing the password. This can quickly result in the targeted account getting locked-out, as commonly used account-lockout policies allow for a limited number of failed attempts (typically three to five) during a period. During a password-spray attack, the malicious actor attempts a single commonly used password (such as ‘Password1’ or ‘Summer2017’) against many accounts before moving on to attempt a second password, and so on. This technique allows the actor to remain undetected by avoiding rapid or frequent account lockouts. 

How To Simulate A Password Spray Attack In Office 365? 

1. In the Security & Compliance Center, choose Threat management > Attack simulator. 

2. From the options, press the Launch Attack button to begin the wizard for the chosen attack, in this case for the Password Spray attack. 

3. Name the new campaign and press Next. 

4. Select the target users, by choosing specific user accounts or groups. 

5. Once you have selected the users or groups, press Next then set the password properties as needed. This attack requires a single password only, then press Next. 

6. Once completed press the Finish button and the attack is initiated. 

7. Once the attack is complete, the status is updated, and a View Report link is then available. You can click the View Report or the Attack Details link to see the results from the attack. 

8. Clicking the Attack Details link will display a quick overview and then a link to see further details. 

9. Clicking on the result will then display the specific details. This is the same result you see when you click the link View Report.