Case Study


Introduction

In the labyrinth of modern cyberspace, where information is the currency of the digital realm,
organizations face an unyielding onslaught of cyber threats. Among these, Password Spraying
Attacks have emerged as a nuanced and persistent adversary, challenging the very
foundations of cybersecurity defenses. This in-depth case study unfolds the strategic
initiatives undertaken by BSIT-3, representing the Philippine National Police Anti-
Cybercrime Group (PNP ACG), to fortify its defenses against the growing threat of Password
Spraying Attacks.

The relentless evolution of technology has birthed a dynamic digital landscape, where
opportunities for progress coexist with the constant specter of cyber threats. As organizations
embrace the advantages of interconnected systems and digitized processes, they find
themselves ensnared in a perpetual arms race against cybercriminals, state-sponsored actors,
and hacktivists. Amidst these challenges, Password Spraying Attacks stand out for their
subtlety and efficacy, exploiting vulnerabilities in password and user behavior predictability.

BSIT-3, standing as a technological sentinel and embodying the commitment of the PNP
ACG to cybersecurity, operates in an environment where the stakes are exceptionally high.
Entrusted with safeguarding critical information, preserving data integrity, and maintaining
public trust, BSIT-3 recognized the imperative to not only reactively respond to cyber threats
but to proactively fortify its cybersecurity resilience.

This case study unravels BSIT-3's journey, commencing with a meticulous assessment of the
challenges posed by Password Spraying Attacks. The organization identified commonalities
in password usage, predictability in username conventions, and shortcomings in security
measures as pivotal vulnerabilities. These challenges, though distinct, collectively
represented potential entry points for adversaries seeking unauthorized access and
compromise.

The subsequent analytical odyssey embarked upon by BSIT-3 delves into the intricacies of
Password Spraying Attacks, unraveling their modus operandi and drawing insights from real-
world incidents. This phase revealed not only the prevalence of common passwords but also
the importance of addressing predictable user identification practices.

Armed with this comprehensive understanding, BSIT-3 formulated a multi-faceted strategy to
mitigate the risks posed by Password Spraying Attacks. Enhanced password policies, robust
account lockout mechanisms, and the implementation of multi-factor authentication (MFA)
were key components of this defensive arsenal.

Post-implementation, BSIT-3 observed tangible outcomes, including a reduction in successful
attacks, improved incident response capabilities, and heightened user awareness. Critical
insights were gleaned, emphasizing the need for continuous adaptation in cybersecurity
measures and the significance of user education in mitigating risks.

Looking ahead, BSIT-3 recommends a proactive approach, advocating for regular threat
assessments and exploring advanced authentication methods such as passwordless
authentication to enhance security.
Background

Safeguarding Digital Frontiers

In the dynamic landscape of cybersecurity, BSIT-3 stands as a formidable guardian, entrusted
with the critical mission of securing digital frontiers. As the representative of the Philippine
National Police Anti-Cybercrime Group (PNP ACG), BSIT-3's role extends beyond
traditional paradigms, delving into the intricate challenges posed by modern cyber threats.

Operating at the intersection of technology and security, BSIT-3 finds itself in a unique
position, where the rapid evolution of digital ecosystems necessitates a proactive and
adaptive approach to safeguarding sensitive information. The backdrop for this case study lies
in the recognition of BSIT-3's pivotal role in upholding cybersecurity standards within the
Philippines, contributing to the overarching goal of creating a secure digital environment for
both government and civilian entities.

Cybersecurity Imperatives

As a sentinel in the technological landscape, BSIT-3 operates within an environment where
the stakes are exceptionally high. The reliance on interconnected systems and the digitization
of critical processes has propelled the importance of robust cybersecurity measures. The
organization's mandate encompasses not only the protection of sensitive data but also the
preservation of public trust.

In the realm of cybersecurity, where threats are diverse and ever-evolving, BSIT-3
acknowledges the imperative of adopting a forward-thinking approach. Beyond reacting to
cyber threats, the organization is committed to fortifying its cybersecurity resilience, ensuring
it remains a step ahead of adversaries seeking to exploit vulnerabilities.

BSIT-3's Mandate

BSIT-3's role within the PNP ACG is multifaceted. It involves the safeguarding of critical
information repositories, the preservation of data integrity, and the proactive identification
and mitigation of cyber threats. This mandate extends to both reactive incident response and
proactive measures aimed at fortifying the organization's overall cybersecurity posture.

The organization's commitment is rooted in the understanding that cybersecurity is not
merely a technological challenge but a holistic endeavor that requires continuous adaptation,
strategic planning, and a deep understanding of emerging threat vectors. In the pursuit of this
commitment, BSIT-3 has identified Password Spraying Attacks as a significant threat,
prompting a comprehensive examination and strategic response to fortify defenses against
this insidious form of cyberattack.
Digital Vulnerabilities and the Genesis of the Study

The genesis of this case study lies in the acknowledgment of vulnerabilities within the digital
fabric. An initial assessment revealed not only the prevalence of common password usage but
also the predictability in username conventions and gaps in existing security measures. These
vulnerabilities, if left unaddressed, pose a tangible risk to BSIT-3's mission of ensuring a
secure digital landscape for the Philippines.

Recognizing that Password Spraying Attacks represent a subtle yet potent threat, BSIT-3
embarked on a journey to dissect, understand, and ultimately fortify its defenses against this
specific form of cyberattack. This case study encapsulates the background, challenges,
strategies, and outcomes of BSIT-3's proactive response to Password Spraying Attacks,
underscoring its commitment to cybersecurity excellence and resilience in the face of
evolving digital threats.
Challenges Faced

Navigating Password Spraying Pitfalls

In the digital realm, BSIT-3 encountered several nuanced challenges that demanded a closer
examination of its defenses against the stealthy menace of Password Spraying Attacks. Let's
delve deeper into these challenges to unravel their intricacies and understand their
implications.

Common Password Usage: A Weak Link in the Chain

The widespread use of simplistic and easily guessable passwords poses a significant
vulnerability for BSIT-3. Users, often unknowingly, resort to familiar choices such as
"password123" or "123456," creating a weak link in the chain of security. These
commonplace passwords, while easy to remember, become a potential breach waiting to
happen.

Understanding the gravity of this challenge involves recognizing that cyber attackers are
well-aware of these common password choices. By leveraging automated tools, they
systematically test a multitude of accounts with these predictable passwords, hoping to gain
unauthorized access. The consequences of compromised user accounts due to weak password
practices extend beyond the inconvenience of resetting passwords. It opens the door to
unauthorized access, data breaches, and potential exploitation of sensitive information.

To mitigate this challenge effectively, BSIT-3 recognized the need not only to enforce
stronger password policies but also to educate users about the importance of choosing
complex and unique passwords. This educational initiative aimed to empower users to
become active participants in fortifying the organization's digital defenses against the perils
of common password usage.

Username Predictability: The Puzzle of Easy-to-Guess Usernames

In the digital tapestry of identities, BSIT-3 identified another challenge – the predictability of
usernames. The adoption of easily guessable username conventions, such as
"[email protected]," adds a layer of vulnerability to targeted attacks. Cyber
attackers, armed with knowledge about organizational naming conventions, can
systematically target specific individuals within the organization.

This predictability in usernames transforms the puzzle into a vulnerability, allowing
malicious actors to tailor their Password Spraying Attacks with a higher likelihood of success.
Understanding the risks associated with easy-to-guess usernames became paramount for
BSIT-3 in its mission to fortify its defenses.

To address this challenge, BSIT-3 embarked on a two-pronged approach. First, they explored
the implementation of non-standard username conventions, introducing an element of
unpredictability that could thwart cyber attackers. Second, the organization undertook
educational initiatives to raise awareness among users about the importance of unique
usernames in mitigating the risks posed by Password Spraying Attacks.

Limited Security Measures: Holes in the Cyber Defense

BSIT-3, despite its dedication to cybersecurity, identified gaps in its digital armor – the
absence of robust security measures. These missing pieces included inadequate account
lockout mechanisms, the lack of multi-factor authentication (MFA), and the use of
predictable usernames. These vulnerabilities collectively created opportunities for cyber
attackers to exploit the organization's digital infrastructure.

The absence of robust account lockout mechanisms meant that attackers could repeatedly
attempt to guess passwords without any hindrance. Without the safeguard of multi-factor
authentication, even a compromised password could potentially grant unauthorized access.
The use of predictable usernames further facilitated the success of Password Spraying
Attacks.

Recognizing the critical nature of these missing security pieces, BSIT-3 took strategic steps to
fortify its defenses. Implementing stringent account lockout rules became a priority to
prevent prolonged password spraying efforts. The organization also mandated the
implementation of multi-factor authentication across the board, adding an additional layer of
security to counteract the effectiveness of Password Spraying Attacks.
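
As an added illustration (not part of the original case study), the sketch below replays
constructed login events through a per-account lockout counter and a per-source count of
distinct accounts, the two views a defender needs to see both repeated guessing against one
account and one guess spread across many. All usernames, IP addresses, field names and
thresholds are assumptions made for the example.

```python
"""Added example: per-account lockout vs. per-source spray detection.

All events, usernames, IP addresses and thresholds below are constructed.
"""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class LoginEvent:
    ts: int         # seconds since the start of the sample
    source: str     # client IP address
    username: str
    success: bool


def build_sample_events():
    """Constructed log: one spraying source, one user mistyping, one good login."""
    events = []
    targets = [f"user{i:02d}" for i in range(1, 9)]
    # Two rounds, 30 minutes apart: one failed attempt per account per round.
    for round_start in (0, 1800):
        for i, name in enumerate(targets):
            events.append(LoginEvent(round_start + i * 10, "203.0.113.7", name, False))
    # A legitimate user mistypes a password six times in one minute.
    for i in range(6):
        events.append(LoginEvent(100 + i * 10, "198.51.100.20", "jdcruz", False))
    # An ordinary successful login from another address.
    events.append(LoginEvent(500, "192.0.2.15", "user03", True))
    return events


def locked_accounts(events, threshold=5, window=900):
    """Accounts whose failed logins reach `threshold` within `window` seconds."""
    recent = defaultdict(deque)   # username -> timestamps of recent failures
    locked = set()
    for ev in sorted(events, key=lambda e: e.ts):
        fails = recent[ev.username]
        if ev.success:
            fails.clear()         # a successful login resets the counter
            continue
        fails.append(ev.ts)
        while fails and fails[0] <= ev.ts - window:
            fails.popleft()       # forget failures older than the window
        if len(fails) >= threshold:
            locked.add(ev.username)
    return locked


def spray_sources(events, min_accounts=5, window=900):
    """Sources with failed logins against >= `min_accounts` distinct usernames
    inside `window` seconds. Returns {source: peak distinct-account count}."""
    recent = defaultdict(deque)   # source -> (timestamp, username) of failures
    flagged = {}
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.success:
            continue
        attempts = recent[ev.source]
        attempts.append((ev.ts, ev.username))
        while attempts and attempts[0][0] <= ev.ts - window:
            attempts.popleft()
        distinct = len({name for _, name in attempts})
        if distinct >= min_accounts:
            flagged[ev.source] = max(flagged.get(ev.source, 0), distinct)
    return flagged


if __name__ == "__main__":
    sample = build_sample_events()
    print("locked accounts:", sorted(locked_accounts(sample)))
    print("spray sources:  ", spray_sources(sample))
```

In this sample the lockout counter trips only for the user who mistyped, because the
spraying source never fails more than once per account inside the window; the per-source
view is what surfaces it.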

In parallel, BSIT-3 explored the adoption of non-standard username conventions to reduce
predictability, making it more challenging for cyber attackers to exploit this aspect of user
identification. This multi-faceted approach aimed to plug the holes in the cyber defense,
creating a more resilient digital environment capable of withstanding the subtle yet potent
threats posed by Password Spraying Attacks.

By addressing these challenges head-on, BSIT-3 not only strengthened its defenses against
Password Spraying Attacks but also laid the foundation for a proactive and adaptive
cybersecurity posture. The subsequent sections will delve into the strategies implemented and
the tangible outcomes observed as a result of these strategic initiatives.
Strategies Implemented

Building Resilient Defenses

With a comprehensive understanding of the challenges at hand, BSIT-3 undertook strategic
initiatives to bolster its cybersecurity defenses against the looming threat of Password
Spraying Attacks. This section delves into the specific measures implemented, shedding light
on the thought process behind each strategy and their collective impact.

Enhanced Password Policies: Fortifying the First Line of Defense

- Explore the implementation of more stringent password complexity requirements.
- Discuss the rationale behind periodic password updates to thwart persistent attackers.
- Highlight the importance of enforcing non-standard username conventions as a
complementary measure.

Account Lockout Mechanisms: Thwarting Persistent Intruders

- Detail the configuration of account lockout mechanisms to occur after successive failed
login attempts.
- Discuss how this measure mitigates the success rate of Password Spraying Attacks by
preventing prolonged spraying efforts.
- Emphasize the balance between security and user convenience in setting account lockout
parameters.

Multi-Factor Authentication (MFA): Adding Layers of Security

- Provide insights into the mandatory implementation of MFA across the organization.
- Illustrate how MFA acts as a robust defense against compromised passwords and enhances
overall security.
- Discuss the user education initiatives accompanying the rollout of MFA to ensure seamless
adoption.

By exploring these strategies, this section aims to showcase BSIT-3's proactive approach in
fortifying its cybersecurity posture. Each implemented measure serves as a building block,
collectively forming a resilient defense against Password Spraying Attacks.

Methodology

Navigating the Cybersecurity Landscape

In navigating the complex terrain of cybersecurity, BSIT-3 embraced a meticulously designed
methodology that amalgamated industry best practices and internal insights. This section
provides an in-depth exploration of the key steps undertaken to fortify the organization's
defenses against Password Spraying Attacks.

Threat Analysis and Assessment

The journey commenced with a thorough examination of the prevailing cybersecurity threats,
with a specific lens on Password Spraying Attacks. BSIT-3 conducted a comprehensive threat
analysis, leveraging the expertise of cybersecurity professionals and tapping into cutting-edge
threat intelligence sources. This phase involved dissecting the anatomy of Password Spraying
Attacks, understanding their evolving tactics, and identifying potential vulnerabilities within
the organizational framework.

The threat analysis also encompassed an evaluation of industry-specific risks and emerging
threat vectors. By immersing itself in the broader threat landscape, BSIT-3 gained a nuanced
understanding of the challenges it faced, laying the groundwork for informed decision-
making in subsequent stages.

Stakeholder Engagement and Collaboration

Recognizing the multifaceted nature of cybersecurity, BSIT-3 fostered a culture of
collaboration across key stakeholders. Engaging IT security teams, end-users, and
management in a collaborative dialogue became instrumental in aligning cybersecurity
strategies with organizational objectives.

Stakeholder interviews were conducted to elicit valuable insights into user behaviors, pain
points, and the prevailing cybersecurity culture. This collaborative approach not only
facilitated the exchange of diverse perspectives but also ensured that cybersecurity measures
were tailored to the specific needs and nuances of BSIT-3.

Strategy Formulation and Implementation

Armed with insights from the threat analysis and stakeholder engagement, BSIT-3 embarked
on the formulation of a bespoke cybersecurity strategy. This strategy, finely tuned to address
the unique challenges posed by Password Spraying Attacks, became the blueprint for
subsequent implementation.

The implementation phase unfolded in a phased manner, with BSIT-3 introducing enhanced
password policies as the foundational layer of defense. The rationale behind each element of
the strategy, from stringent password complexity requirements to non-standard username
conventions, was meticulously considered. The strategic deployment of account lockout
mechanisms and the mandatory adoption of Multi-Factor Authentication (MFA) further
fortified the organization's security posture.

User Education Initiatives

Recognizing that cybersecurity is not solely a technological challenge but also a human one,
BSIT-3 invested in robust user education initiatives. Communication channels, workshops,
and training modules were deployed to elevate user awareness and cultivate a culture of
cybersecurity vigilance.

These initiatives were crafted with a user-centric approach, ensuring that the workforce not
only understood the importance of cybersecurity but also felt empowered to actively
contribute to the organization's security goals. The deployment of MFA, for instance, was
accompanied by targeted educational campaigns to guide users seamlessly through the
transition.

Continuous Monitoring and Evaluation

A cornerstone of BSIT-3's methodology is the commitment to continuous monitoring and
evaluation. Robust mechanisms were established to track the real-time effectiveness of
implemented cybersecurity measures. Continuous monitoring, informed by threat intelligence
feeds and periodic vulnerability assessments, allowed the organization to adapt swiftly to
emerging threats.

This phase also involved the establishment of key performance indicators (KPIs) to quantify
the impact of cybersecurity measures. Regular evaluations ensured that the organization
remained agile, making data-driven decisions and refining its cybersecurity strategy based on
real-world outcomes.

Lessons Learned and Feedback Loop

An integral component of BSIT-3's methodology is the embrace of a perpetual learning
mindset. The organization instituted a feedback loop that gathered insights from security
incidents, user feedback, and the outcomes of threat assessments. Regular retrospectives
provided a structured platform to distill lessons learned, identify areas for improvement, and
uncover opportunities for further enhancing cybersecurity measures.

This iterative process of learning from experience became a catalyst for refinement and
optimization. The feedback loop not only addressed immediate challenges but also
contributed to the continuous evolution of BSIT-3's cybersecurity approach.

This extended and detailed methodology underscores BSIT-3's commitment to a systematic
and adaptive approach to cybersecurity. By intricately navigating the cybersecurity landscape
through threat analysis, collaboration, strategic formulation, user education, continuous
monitoring, and a robust feedback loop, BSIT-3 has laid the groundwork for sustained
security excellence in the face of dynamic cyber threats.
Results and Impact

Evaluating the Effectiveness

With the implemented strategies in place, BSIT-3 observed a transformative shift in its
cybersecurity landscape, marked by tangible outcomes and noteworthy impacts. This section
intricately examines the measured results and their far-reaching implications, showcasing the
organization's journey towards enhanced resilience against Password Spraying Attacks.

Reduction in Successful Attacks: A Defended Fortress

In the wake of fortifying its digital ramparts, BSIT-3 witnessed a discernible reduction in the
frequency of successful Password Spraying Attacks. The meticulous implementation of
enhanced password policies, underscored by more stringent complexity requirements and
periodic password updates, emerged as the linchpin in creating a robust defense mechanism.
Statistical evidence meticulously gathered during this period revealed a noteworthy decline in
successful unauthorized access attempts, solidifying BSIT-3's standing as a fortified fortress
in the face of persistent cyber threats.

However, the success did not merely rest on the technical intricacies of password policies.
The organizational shift towards promoting non-standard username conventions played a
complementary role. This approach not only added an extra layer of unpredictability but also
highlighted the interconnected nature of cybersecurity strategies. The reduction in successful
attacks became not just a statistical triumph but a testament to the holistic approach adopted
by BSIT-3 in fortifying its digital citadel.

Improved Incident Response: Swift Detection and Mitigation

The integration of Multi-Factor Authentication (MFA) and the astute configuration of account
lockout mechanisms heralded a new era in BSIT-3's incident response capabilities. The
organization transitioned from a reactive stance to a proactive one, characterized by swift
detection and mitigation of potential security incidents. Real-world scenarios underscored the
instrumental role played by these enhanced strategies in minimizing potential damages and
preventing unauthorized access.

The narrative of improved incident response extends beyond the technical realm. It
encapsulates the empowerment of cybersecurity personnel, fostering a culture of agility and
resilience. BSIT-3's incident response success stories are not merely case studies; they are
narratives of collaboration, adaptability, and the collective determination to safeguard digital
assets.

Enhanced User Awareness: A Culture of Cybersecurity

Educational initiatives and targeted awareness campaigns emerged as catalysts for change
within BSIT-3's user community. The once-passive participants in the digital landscape
evolved into vigilant contributors actively involved in maintaining a secure cyber
environment. The impact of increased awareness became a cornerstone in the organization's
overall cybersecurity posture, creating a culture where every user became a proactive
guardian against potential
threats.

This shift in user behavior is not merely a statistic but a testament to the effectiveness of
strategic communication and education. BSIT-3's user community transitioned from being
potential weak links to active participants in the cybersecurity narrative. The success stories
of thwarted social engineering attempts and informed responses became the fabric of BSIT-
3's evolving cybersecurity culture.

This comprehensive evaluation of results not only highlights the success of implemented
strategies but also sets the stage for understanding the broader impact on BSIT-3's
cybersecurity landscape. The subsequent sections will delve into the valuable lessons learned
during this transformative journey and offer proactive recommendations for sustained
security excellence.
Lessons Learned

Insights for Continuous Improvement

Reflecting on the journey, BSIT-3 gained invaluable insights that extend beyond the
immediate success of implemented strategies. This section delves into the lessons learned,
providing profound insights for continuous improvement in the realm of cybersecurity.

Continuous Adaptation: The Essence of Cybersecurity Evolution

In the ever-evolving landscape of cybersecurity, BSIT-3 recognized the paramount
importance of continuous adaptation. Lessons learned emphasized the dynamic nature of
cyber threats, necessitating a proactive and adaptive approach. The organization cultivated a
mindset that treats cybersecurity not as a one-time project but as an ongoing process requiring
constant vigilance and evolution.

The lesson of continuous adaptation extends beyond technology. It encompasses
organizational culture, policies, and the readiness to embrace emerging security technologies.
BSIT-3's journey reinforced the notion that cybersecurity is a journey without a final
destination. The organization remains committed to staying ahead of evolving threats,
regularly updating strategies, and fostering a culture of agility and resilience.

Importance of User Education: Empowering the First Line of Defense

One of the most impactful lessons learned was the pivotal role of user education and
awareness programs. BSIT-3 discovered that informed and vigilant users are the first line of
defense against cyber threats. Education became a powerful tool in transforming users from
potential weak links to active contributors to cybersecurity resilience.

The lesson here is not just about teaching users to recognize phishing emails or creating
strong passwords. It's about fostering a cybersecurity culture where every individual
understands their role in safeguarding the organization's digital assets. BSIT-3's experience
revealed that an investment in user education pays dividends in the form of a more resilient
and security-conscious workforce.

This profound lesson extends to ongoing initiatives within BSIT-3. The organization is
committed to continuously enhancing its educational programs, ensuring that users remain
well-informed about the evolving threat landscape and the role they play in maintaining a
secure digital environment.

By delving into these lessons, BSIT-3 not only fortifies its existing cybersecurity framework
but also lays the groundwork for a culture of continuous improvement and adaptation to
emerging threats. The subsequent section will transition to proactive recommendations,
outlining steps for sustained security excellence based on these insights.
Future Recommendations

Proactive Steps for Sustained Security

As BSIT-3 charts the course for its cybersecurity journey, the following proactive
recommendations are proposed to fortify its defenses and ensure sustained security
excellence. These recommendations draw from the organization's experiences, lessons
learned, and a forward-looking perspective, aiming to provide actionable steps in the face of
the ever-evolving threat landscape.

Regular Threat Assessments: Staying Ahead of Evolving Threats

In the dynamic realm of cybersecurity, the only constant is change. BSIT-3 is encouraged to
embrace a proactive stance by incorporating regular threat assessments into its cybersecurity
framework. These assessments serve as a vital instrument for staying ahead of evolving
threats, allowing the organization to identify vulnerabilities, assess potential risks, and adapt
security measures accordingly.

The recommendation emphasizes the need for periodic evaluations of the threat landscape,
considering emerging cyber threats, industry-specific risks, and the evolving tactics of
malicious actors. BSIT-3 can leverage threat intelligence tools, collaborate with cybersecurity
experts, and participate in information-sharing networks to enhance its threat assessment
capabilities. By maintaining a comprehensive understanding of the threat landscape, the
organization can implement targeted and effective security measures to safeguard its digital
assets.

Moreover, regular threat assessments provide a valuable feedback loop, enabling BSIT-3 to
continuously refine its cybersecurity strategy. The insights gained from these assessments
empower the organization to make informed decisions, allocate resources efficiently, and
ensure that its security posture remains adaptive and resilient.

Explore Passwordless Authentication: Advancements in Identity Management

In the pursuit of heightened security, BSIT-3 is encouraged to explore the adoption of
passwordless authentication methods. Traditional password-based systems, while a common
practice, inherently carry vulnerabilities. Passwordless authentication represents a paradigm
shift, offering a more secure and user-friendly alternative to traditional password-based
approaches.

Passwordless authentication methods, such as biometrics, token-based authentication, and
multi-factor authentication (MFA), provide an additional layer of security by eliminating the
reliance on passwords alone. Biometric authentication, for instance, leverages unique
physical or behavioral attributes, such as fingerprints or facial recognition, reducing the risk
associated with compromised passwords.

BSIT-3 can consider implementing passwordless authentication as part of its identity
management strategy. This transition not only enhances security but also aligns with the
organization's commitment to embracing cutting-edge technologies. As the cybersecurity
landscape evolves, the adoption of passwordless authentication positions BSIT-3 at the
forefront of identity management innovation.

However, it's crucial to approach this transition thoughtfully. BSIT-3 should evaluate the
compatibility of passwordless authentication methods with existing systems, consider user
training and onboarding, and assess the regulatory implications. By navigating these
considerations strategically, the organization can unlock the benefits of enhanced security and
user convenience.

These proactive recommendations serve as strategic guideposts for BSIT-3, offering a
roadmap for sustained security excellence. By incorporating regular threat assessments and
exploring advancements in identity management, the organization can fortify its
cybersecurity defenses, adapt to emerging challenges, and continue its commitment to
safeguarding digital assets in an ever-changing threat landscape.
Conclusion

Forging a Path to Cybersecurity Excellence

In conclusion, BSIT-3's journey to fortify its cybersecurity defenses against Password
Spraying Attacks has unveiled a blueprint for excellence in the digital realm. The case study
has illustrated key outcomes, lessons learned, and proactive recommendations that
collectively shape a resilient cybersecurity posture.

The implemented strategies, including enhanced password policies, account lockout
mechanisms, and the integration of Multi-Factor Authentication (MFA), have significantly
reduced the success rate of Password Spraying Attacks. BSIT-3 stands as a defended fortress,
demonstrating the effectiveness of a holistic approach to cybersecurity.

Moreover, the case study emphasizes the invaluable role of continuous adaptation and user
education. BSIT-3 has learned that cybersecurity is not a destination but a journey, requiring
perpetual vigilance and adaptability. By fostering a culture of awareness and empowerment
among its user community, the organization has elevated its first line of defense against
evolving threats.

Looking ahead, the proactive recommendations provide a roadmap for sustained security
excellence. Regular threat assessments are advocated to keep BSIT-3 ahead of emerging
threats, ensuring a proactive cybersecurity posture. Exploring passwordless authentication
represents a strategic step toward embracing cutting-edge identity management practices.

In essence, BSIT-3's cybersecurity journey is not merely a response to challenges; it is a
commitment to excellence. The organization's resilience, adaptability, and proactive
initiatives form a blueprint that extends beyond the specific context of Password Spraying
Attacks. BSIT-3 emerges not just as a defender of digital assets but as a beacon of
cybersecurity excellence, ready to navigate the ever-changing landscape of digital threats. As
the organization moves forward, this commitment remains unwavering, laying the foundation
for a secure and resilient digital future.

Table of Contents

Introduction
Background
Challenges Faced
Strategies Implemented
Methodology
Results and Impact
Lessons Learned
Future Recommendations
Conclusion
References

Advance Information Assurance and Security

Case Study

Password Spraying Attacks

Prepared By:

Maiso, Nelson Jr. D.
Maiso, Marienel D.
Lacasa, Louie

Instructor

Randy Jataas

BSIT-3 | December 2023
