When you hear the term “brute-force attack,” you may think about a savagely violent person or animal aggressively attacking another being. But if you’re in cybersecurity, you may envision something completely different—although no less frightening.
In technology, a brute-force attack is when a hacker uses automated software to hammer an organization’s system with usernames, passwords, or passphrases until it successfully guesses the right combination and gains entry to that system. Such attacks are often the most successful when system passwords are fairly short because a brute-force attack moves quickly and isn’t as effective if there are longer passwords or passphrases to handle. Hackers use brute-force attacks to gain entry to a system illegally so they can steal valuable data from that website, shut it down, or execute another kind of attack. Another tactic is for the hacker to gain access to your system and then wait to use that access later.
A recent six-month study by Proofpoint of major cloud service tenants finds that there are “massive” brute-force attacks coming mainly from Nigeria, but also from China, Brazil, South Africa, and the United States. Most of those attacks leveraged IMAP and used compromised network devices such as routers and servers to launch attacks. Unfortunately, the brute-force attacks found success 44 percent of the time.
Despite the increasing frequency of such attacks, there are ways that organizations can protect themselves. Among them:
- Three strikes and you’re out. Systems need to lock out users who have three failed login. A downside is that implementing such a protocol means that one hacker can lock up several accounts, which can lead to a denial of service for users and one big headache for the administrator who must unlock each account.
- Employ CAPTCHA. Are you human? That’s what CAPTCHA (completely automated public Turing test) tries to ensure by requiring the user to type the letters of a distorted image. Be aware that some users don’t have kind words for CAPTCHA and find it difficult to decipher—it takes the average person about 10 seconds to solve a typical CAPTCHA.
- Require strong passwords. Passwords need to be at least eight letters with both uppercase and lowercase letters, numbers, and at least one special character. Consider password manager tools like LastPass, Dashlane, Roboform and KeePass.
- Rely on two-factor authentication. Having a password isn’t enough for a two-factor authentication, which also requires something like your cellphone number or a code that is sent to you via SMS. Some companies will allow users to verify a device only once, while others will require authentication every month or every year.
You May Also Like
- Backup and Disaster Recovery Business Continuity Compliance Cybersecurity Data Protection Data Resilience Ransomware
DCIG Review: Embracing Hybrid Clouds and Mitigating Ransomware Threats with Arcserve UDP 10
October 31st, 2024 - Backup and Disaster Recovery Business Continuity
Tech Conversations | Beyond the Arc - Halloween Edition: Teachable Moments from Scary Real-Life IT Stories
October 23rd, 2024 - Backup and Disaster Recovery Business Continuity Compliance Cybersecurity Data Resilience
It’s Cybersecurity Awareness Month: Why Compliance Is More Crucial Than Ever To Securing Our World
October 8th, 2024