Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Password spraying and credential stuffing have a lot in common, but the main difference is in the way the attack is executed. With credential stuffing, the cybercriminal already has a set of verified login credentials, whereas, with password spraying, the cybercriminal has to guess the login credentials by matching a list of usernames with a commonly used password.

On February 29th, the Cybersecurity and Infrastructure Security Agency (CISA) issued two separate advisories related to malicious behavior exhibited by threat actors. The first advisory AA24-060A pertains to Phobos Ransomware and the second advisory AA24-060B pertains to the exploitation of vulnerabilities in Ivanti Connect Secure and Policy Secure Gateways.

As of August 2023, only 3 out of 23 US government agencies were compliant with Office of Management and Budget (OMB) requirements for log management and security observability. These requirements are outlined in M-21-31, a 2021 memorandum that was issued following Executive Order 14028 on improving national cybersecurity. Until all of these agencies implement the new requirements, the federal government’s ability to fully detect, investigate, and remediate cybersecurity threats will be constrained.

Cybersecurity professionals often point out that threat actors do not differentiate when choosing a victim. To an attacker, a hospital is as useful a target as a law firm or even a mining operation. After all, a mining company has the same attributes that make it as interesting as any other target: proprietary data and customer information, and it must stay in operation. All of which an attacker can exploit for financial gain.