KUALA LUMPUR (Oct 29): Microsoft has warned those who reuse their passwords across multiple online accounts that it identified an increase in the use of "password spray" attacks over the past 12 months.

In a blog post on Tuesday (Oct 26), Microsoft's Detection and Response Team (DART) analysts, who are dedicated to identifying the latest cyberattack methods, said this threat is a moving target with techniques and tools which are always changing.

The analysts said these involve hackers gathering a list of usernames and passwords leaked online and plugging them in to various websites.

Cyber crooks aim to stumble across a working combination that gives them access to someone's email or social media accounts and, from there, may attempt to break into more sensitive accounts.

DART said password spray attacks are authentication attacks that employ a large list of usernames and pair them with common passwords in an attempt to “guess” the correct combination for as many users as possible.

It said these are different from brute-force attacks, which involve attackers using a custom dictionary or word list and attempting to attack a small number of user accounts.

Password sprays have often targeted applications that are unsecured and use legacy authentication protocols.

DART said it is important to understand the targets of the password spray to correctly determine the scope of the potential compromise.

It said it recently saw an uptick in cloud administrator accounts being targeted in password spray attacks and as such, understanding the targets is a good place to start.