What is a brute force attack? | Identifying & preventing | Consultant Corner
Welcome to Consultant Corner
During this time of lockdown and remote working, many are brushing up on their extra reading and learning. We have asked our expert cybersecurity consultants to write up 5-minute reads on trends they’re seeing and tips for IT teams to stay protected. These topics aren’t COVID-19 specific and vary from VPN to brute-force attacks to barcodes.
You can be alerted to new ‘Consultant Corner’ blogs as soon as they are available: just register in our pop-up form below. After all, a cybersecurity blog a day keeps the malicious attackers at bay.
This blog is focused on brute force attacks and is written by Tom Hulme, Cybersecurity Consultant at SureCloud.
Definition of a brute force attack
A brute force attack is one of the simplest forms of hacking that exists. Unlike many other tactics used by hackers, brute force attacks don’t rely on vulnerabilities within websites. Instead, they rely on users having weak or guessable credentials.
Usually, the motive behind this attack is to use the breached account to execute a large-scale attack, steal sensitive data, or shut down the system. There are widely available automated tools that can submit several hundred password attempts per second, which makes this task easy for an attacker with very little imagination or knowledge.
Passwords are not the only resource that can be brute-forced. Website directories and links, usernames, and emails are also common targets for attackers.
Identifying Brute Force Attacks
Here are conditions that could indicate a brute force attack or other account abuse:
- Many failed logins from the same IP address
- Logins for a single account coming from multiple IP addresses
- Logins with multiple usernames from the same IP address
- Logins with a referring URL of someone’s mail account
- Referring URLs that contain the username and password in the format http://username:password@example.com/login.htm
- Failed login attempts from alphabetically sequential usernames or passwords
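The indicators above can be checked mechanically against authentication logs. The following is an added example, not code from the original post: it runs over constructed, space-separated log lines (timestamp, client IP, username, result, Referer) and flags four of the listed conditions, with thresholds chosen as assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log (not from the original post):
# timestamp, client IP, username, result, Referer header.
SAMPLE_LOG = """\
2020-05-01T10:00:01 203.0.113.5 alice FAIL -
2020-05-01T10:00:02 203.0.113.5 alice FAIL -
2020-05-01T10:00:03 203.0.113.5 alice FAIL -
2020-05-01T10:00:04 203.0.113.5 bob FAIL -
2020-05-01T10:00:05 203.0.113.5 carol FAIL -
2020-05-01T10:00:06 203.0.113.5 dave FAIL -
2020-05-01T10:01:00 198.51.100.7 erin OK -
2020-05-01T10:02:00 192.0.2.9 erin OK -
2020-05-01T10:03:00 192.0.2.10 erin OK -
2020-05-01T10:04:00 198.51.100.8 frank OK http://frank:s3cret@example.com/login.htm
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (OK|FAIL) (\S+)$")
# Referer that embeds credentials, i.e. http://user:secret@host/...
CRED_IN_URL_RE = re.compile(r"^https?://[^/@\s]+:[^/@\s]+@")

def analyse(log_text, fail_threshold=5, user_threshold=3, ip_threshold=3):
    """Return indicator name -> sorted list of offending IPs or accounts.
    Thresholds are illustrative assumptions; tune them to real traffic."""
    fails_by_ip = defaultdict(int)     # failed logins per source IP
    users_by_ip = defaultdict(set)     # distinct usernames tried per IP
    ips_by_user = defaultdict(set)     # distinct IPs logging into one account
    cred_referers = set()              # IPs whose Referer carried credentials
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore malformed lines instead of aborting the scan
        _ts, ip, user, result, referer = m.groups()
        users_by_ip[ip].add(user)
        if result == "FAIL":
            fails_by_ip[ip] += 1
        else:
            ips_by_user[user].add(ip)
        if CRED_IN_URL_RE.match(referer):
            cred_referers.add(ip)
    return {
        "many_failures_from_ip": sorted(ip for ip, n in fails_by_ip.items() if n >= fail_threshold),
        "many_usernames_from_ip": sorted(ip for ip, u in users_by_ip.items() if len(u) >= user_threshold),
        "account_from_many_ips": sorted(u for u, ips in ips_by_user.items() if len(ips) >= ip_threshold),
        "credentials_in_referer": sorted(cred_referers),
    }

if __name__ == "__main__":
    for indicator, hits in analyse(SAMPLE_LOG).items():
        print(f"{indicator}: {hits}")
```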
3 simple steps to limit exposure to a brute force attack
- Enabling 2-Factor Authentication (2FA) is considered to be the first line of defence against brute force attacks. Even if an attacker were able to guess the password, that alone would not be enough: the attacker would also need access to your smartphone or email client. In most cases this is enough for an attacker to give up and search for an easier method.
- Implement a strong password policy. According to OWASP guidelines, a password should be no less than 8 characters and contain numbers, special characters and uppercase letters. Avoid dictionary words, avoid reusing passwords and restrict the use of breached passwords. The maximum password length should not be set too low; a typical maximum length would be 128 characters.
- Introduce an account lockout policy with progressive delays. After three unsuccessful login attempts, the account is locked out for a set period of time. The lock-out time would increase with each subsequent failed attempt. This prevents automated tools from performing a brute force attack.
If you would like to learn how to protect your business from attacks such as these and more, discover SureCloud’s full portfolio of Cybersecurity services here.
SureCloud is a provider of cloud-based, Integrated Risk Management products and Cybersecurity services, which reinvent the way you manage risk.
SureCloud also offers a wide range of Cybersecurity testing and assurance services, where we stay with you throughout the entire test life-cycle from scoping through to vulnerability discovery and remediation. Certified by the National Cyber Security Centre (NCSC) & CREST and delivered using the innovative Pentest-as-a-Service (underpinned by a highly configurable technology platform), SureCloud acts as an extension of your in-house security team and ensures you have everything you need to improve your risk posture.