Brute Force Attacks: What are They and How to Protect Against Them
What is a brute-force attack?
A brute-force attack is a method used by cybercriminals to crack passwords or encryption by trying all possible combinations of characters until the correct one is found. It involves using automated software that systematically tries different combinations of characters until the password or encryption key is discovered. Brute-force attacks can be successful if the password is weak or if the encryption key is short. They can also be time-consuming and resource-intensive for the attacker if the password or encryption key is long and complex. To prevent brute-force attacks, it’s important to use strong passwords, enable multi-factor authentication, and use encryption methods that are difficult to crack.
This post is part of our Cyber Threat Series.
The Challenge:
Hackers use Brute Force Attacks to target a single service exposed to the Internet, including Remote Desktop, Outlook Web Access, and email services. Brute Force Attacks gain access by trying every viable access method or password.
Hackers use these attacks to access your data or to install other malware within your systems. Patient hackers space out attempts; they are difficult to notice or detect. When hackers rush, the impact can be similar to a DDOS attack.
Hackers can launch Brute Force Attacks externally or from malware-infected systems on your network. Internal attacks often target specific systems and vulnerabilities, such as SQL Server and SQL Injection vulnerabilities.
How to prevent brute force attacks
Require robust passwords; they are your first protection from Brute Force Attacks. Put controls in place to enforce best-practice password structure and expiring passwords can thwart an attack.
Deploy Multi-Factor Authentication. MFA creates and additional level of protection since a compromised password is not sufficient for access.
To protect against internal attacks, ensure systems run current operating system versions. Keep all systems current with patches and updates.
Revisit the four pillars of cloud security, and make sure you fully understand the most important strategies for protecting from brute force attacks.
Deploy “Next Gen” protections to keep Brute Force Attack malware from making it onto your servers and clients:
- Advanced threat protection (ATP) for email
- Endpoint and mobile device protection
- DNS security and protection
- Web protection and filtering
FAQs
How common are brute force attacks?
Brute force attacks are one of the most common types of cyberattacks and are used by attackers to gain unauthorized access to user accounts, servers, or other systems. The frequency of brute force attacks depends on various factors, including the target system’s popularity, the type of authentication mechanism used, and the complexity of the password or encryption key. For example, systems that use weak passwords or no multi-factor authentication are more vulnerable to brute force attacks. According to a recent report by Akamai, brute force attacks accounted for more than 30% of all login attempts on web applications in 2020. As such, it is essential to implement robust data protection and security measures to prevent brute force attacks and protect sensitive data from unauthorized access.
What are the two types of brute force attacks
The two types of brute force attacks are:
- Online brute force attack: In this type of attack, the attacker tries to guess the password or encryption key by repeatedly attempting to log in or decrypt data using different combinations of characters. Online brute force attacks are typically carried out against web applications or online services and are often automated.
- Offline brute force attack: In this type of attack, the attacker obtains a copy of the encrypted data or password hashes and attempts to crack them offline by running automated software that tries different combinations of characters until the correct password or encryption key is found. Offline brute force attacks are more time-consuming than online attacks, but they can be more successful as the attacker has more time to try different combinations of characters.
What are the signs of a brute force attack?
Here are some signs that your system may be experiencing a brute force attack:
- Multiple failed login attempts: If you notice multiple failed login attempts from the same IP address, it could be a sign of a brute force attack. The attacker may be trying different combinations of usernames and passwords to gain access to your system.
- Unusual account activity: If you notice unusual activity on a user account, such as logins from different locations or at odd hours, it could be a sign of a successful brute force attack.
- Slow system performance: A brute force attack can cause a system to slow down or crash due to the high volume of login attempts.
- Unusual network traffic: A brute force attack can generate a large amount of network traffic, which can be detected by monitoring network activity.
- Brute force attack tools: If you find tools used for brute force attacks on your system, such as password cracking software or script files, it could be a sign that your system has already been compromised.
If you suspect that your system is being targeted by a brute force attack, it’s important to take action immediately to prevent further damage and protect your sensitive data.
Contact us to discuss cyber threat protection best practices, and ensure you are set up properly to avoid a brute force attack in the future. The Cloud Advisory session is complimentary and without obligation.