A Brute Force attack is a form of cyber attack in which attackers use trial and error to guess passwords. In this case, the attackers typically use a program or bot to generate candidate passwords or even random character sets.
If they hit the correct combination of username and password, they gain access to your systems and to your company information and/or customer data. A particular type of Brute Force attack, known as a Dictionary attack, uses lists of common usernames and passwords instead of random character sets. Such lists are often obtained from other hackers who have breached other systems.
Detecting A Brute Force Attack
Having a monitoring system that can track login attempts and alert you when certain thresholds are exceeded is the best plan for detecting a Brute Force attack. With such a system, you will be able to:
- Check for an unusually high number of login attempts coming from a single IP address. This could indicate a bot on the system at that IP address rapidly trying various combinations of username and password.
- Set up an alert for a sharp increase in login attempts over a specific time period. Such an unusual increase can also indicate that a program is automatically submitting different sets of credentials.
- Detect possibly compromised credentials by correlating specific accounts with a high number of failed login attempts. Users often reuse the same credentials across multiple systems, and attackers reuse credentials stolen from one system to gain access to another.
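As an added illustration of the three checks above (example code, not from the original article), here is a small Python detector run over a constructed login log; the log format, the one-minute window, and the thresholds of four failures per IP or account and eight overall are assumptions.

```python
# Added example (not code from the original article): a minimal brute-force detector
# over constructed log lines "<timestamp> <FAIL|OK> <user> <source-ip>" (format assumed).
from collections import defaultdict
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2024-03-01T10:00:01 FAIL alice 203.0.113.5
2024-03-01T10:00:02 FAIL bob 203.0.113.5
2024-03-01T10:00:03 FAIL carol 203.0.113.5
2024-03-01T10:00:04 FAIL dave 203.0.113.5
2024-03-01T10:00:20 FAIL admin 198.51.100.7
2024-03-01T10:00:25 FAIL admin 198.51.100.8
2024-03-01T10:00:30 FAIL admin 198.51.100.9
2024-03-01T10:00:35 FAIL admin 198.51.100.10
2024-03-01T10:05:00 OK alice 192.0.2.10
"""

def parse(log_text):
    """Turn log lines into (timestamp, outcome, user, ip) tuples."""
    events = []
    for line in log_text.splitlines():
        ts, outcome, user, ip = line.split()
        events.append((datetime.fromisoformat(ts), outcome, user, ip))
    return events

def peak_in_window(failures, key, window):
    """Per key, the largest number of failures falling inside any one window."""
    times = defaultdict(list)
    for event in failures:
        times[key(event)].append(event[0])
    peaks = {}
    for k, stamps in times.items():
        stamps.sort()
        start = 0
        for end, t in enumerate(stamps):
            while t - stamps[start] > window:  # drop stamps older than the window
                start += 1
            peaks[k] = max(peaks.get(k, 0), end - start + 1)
    return peaks

def detect(events, window=timedelta(minutes=1), per_ip=4, per_user=4, spike=8):
    """Return sorted (rule, subject, count) alerts; thresholds are illustrative."""
    failures = [e for e in events if e[1] == "FAIL"]
    rules = (("single-ip", lambda e: e[3], per_ip),        # many tries from one source
             ("single-account", lambda e: e[2], per_user), # many tries on one account
             ("spike", lambda e: "all", spike))            # surge across all sources
    alerts = [(name, subject, n) for name, key, limit in rules
              for subject, n in peak_in_window(failures, key, window).items()
              if n >= limit]
    return sorted(alerts)
```

The sample log triggers all three rules: four failures from 203.0.113.5, four failures against admin spread over several source addresses, and eight failures overall within one minute; the successful login is ignored.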
Unfortunately, even if you set up a monitoring system and receive notifications of these unusual behaviors, you may not be able to act quickly enough to keep the attackers out. So you need to make sure, in the first place, that you are protected against these types of attacks.
Outlined here are four strategies to prevent brute force attacks.
Implement Multi-Factor Authentication
Through trial and error, attackers may be able to figure out the username and password combination, but supplying an additional authentication factor, such as a hardware or software token, is much more difficult for them. Besides the usual username and password, MFA requires a user to provide something additional: a fingerprint, a one-time password (OTP), or a specific piece of hardware on hand, such as their phone or a USB token. These extra forms of authentication are much harder for attackers to spoof. An adaptive authentication system that takes into account the context of the login attempt (geolocation, IP address, device, etc.) offers even better protection.
Enforce Complex Passwords and Refreshes of Passwords
Enforcing complex passwords is one of the simplest ways to slow attackers down. Added complexity and length increase the number of character combinations a bot must work through in a simple Brute Force attack.
You may also require users to refresh or create new passwords periodically. Since a simple Brute Force attack can take a long time to run through all the possibilities, a changed password renders all previous attempts useless.
Limit Login Attempts
If your authentication system supports it, set a maximum number of login attempts and ensure that the account is locked once that number is exceeded. This prevents an attacker from trying indefinitely to get into that one account.
Check for Compromised Credentials
Hackers collect large databases of known usernames and passwords from breaches of different systems over time. Because it is difficult to remember many different credentials, users tend to reuse the same username and password combinations across the applications they use. Hackers understand this and take advantage of it in their brute force attacks by using the credentials from those databases. You can prevent users from choosing credentials that hackers will try by checking a user's credentials against known lists of compromised credentials and asking them to choose a new password when there is a match. This slows attackers down because they must then fall back on trying many randomly generated passwords.
Cybercriminals are becoming more and more successful at breaking into systems. When they get in, companies can lose money and their customers' trust. To prevent attacks such as Brute Force attacks, we must all remain vigilant and put protections in place.