'Password spraying' poses new threat as Hurricane Florence heightens hacking risks

An ABC7 I-Team Investigation

ByJason Knowles and Ann Pistone WLS logo
Friday, September 14, 2018
'Password spraying' poses new threat to cyber security
"Password spraying" is a new threat coming at a time when cyber defenses are being threatened by Hurricane Florence.

CHICAGO -- "Password spraying" is when criminals use the same, somewhat "simple" password, against thousands of emails. This new threat coming at a time when cyber defenses are being threatened by Hurricane Florence.



RELATED: Street gangs indicted for hacking Bay Area medical, dental offices



Hackers choose one password like "State Street 12" and then they "spray it " against thousands of emails. All they need is one match.



"It's kind of like the burglar, they are going through your neighborhood checking the door to see if its unlocked or a window that's open versus one they can't get into, they might just move on," said Jeremy Batterman, Trustwave security expert.



QUICK TIP: How to beef up your passwords




Batterman says you can avoid being a "spraying" victim by beefing up your password right now.



KNOWLES: What is the biggest mistake people are making with their passwords?



BATTERMAN: Using dictionary words, any common word that would be found in the dictionary as well as adding numbers or just using numbers.


KNOWLES: You said avoid the seasons.


BATTERMAN: Yes, it very common when passwords get reset.



Instead, he says to pick a sentence - or a line from a favorite song. Then, add in spaces - yes, spaces - and multiple characters.



Ethical hackers at the new "Trustwave Spiderlabs Fusion Center" are monitoring spraying threats - and others which are targeting vulnerabilities exposed by Hurricane Florence.



RELATED: FBI warns banks of worldwide ATM hack threat



"Oftentimes what we will see after an incident like this is targeted phishing emails that are fraudulent that people might click on or find to get services or look for different help operations," Batterman said.



Batterman says corporate defense systems are at heightened risk during a natural disaster - and those businesses could have your information on file.



"We also have, what we call, proactive threat hunters, which will go and test inside different companies to make sure they don't have a current threat that hasn't been detected," Batterman said.



To avoid all password threats you should also use different passwords for every account and you can consider using new apps which generate and store unique passwords for you.



Just putting one character or a few numbers after a word is not enough anymore.

Copyright © 2024 WLS-TV. All Rights Reserved.