A brute force attack is essentially a way of guessing a password, or gaining access to something locked, simply by repetitive, trial-and-error guesswork. It is essentially the cyberattack equivalent of trying out every combination on the keypad to a locked room, hoping that eventually you’ll find the right one.
This might sound like a fairly unsophisticated attack, but it is a popular one with hackers and has been for quite a while now. In fact, some surveys estimate that brute force attacks are still responsible for more than 5% of all data breach incidents. The best way to prevent a brute force attack is to catch it whilst it’s in progress. You have a limited amount of time before the hacker gets in, so you had best have your wits about you!
Brute Force Attack Types
Most brute force attacks look similar, but the way they are carried out can get quite intelligent. By far the most basic form of brute force attack is a dictionary attack. This is where an attacker essentially works through a list of potential passwords, usually drawn from a list of the most commonly used passwords, until they get a match. We are seeing less and less of this form of attack as automation makes brute force attacks more sophisticated.
Many modern-day tools are able to aid attackers by automating brute force attacks. If your password is made up of just one word, then it’s likely a hacker can use an automated tool like Brutus, Medusa or Ncrack to get access within just a few seconds.
Another well-known form of brute force attack is the reverse brute force attack. This is where the attacker starts with a known password (potentially from a leaked list of passwords that they find online) and works backwards, scanning through possible user accounts to find one that matches the password.
The Motives Behind Brute Force Attacks
A brute force attack is usually the first point of entry for an attacker when they are looking for vulnerabilities to exploit. Due to the scattergun nature of the attack, they are likely canvassing a large number of organizations at the same time and letting the automated attacks run in the hope of eventually getting a match. Once they gain access, attackers can continue to use brute force to escalate their privileges and move laterally through the network.
Another common motive for a brute force attack is to look for hidden web pages within a website. These are live pages that are not linked from anywhere on the site. Attackers essentially use brute force attacks to guess the URLs of such pages and then attempt to exploit any security vulnerabilities they might find on half-finished ones.
How to Defend Against Brute Force Attacks
There is something in your favor when it comes to brute force attacks – time! Brute force attacks are not instant, so you have some time to spot one in action and take the correct steps to prevent it from going any further. If you can increase the amount of time it takes for an attacker to force their way into your systems, then you put yourself in a good position. Here are a few things you can do:
- Captcha: A defense against automated attacks, Captcha adds another layer of security by requiring you to essentially prove that you are human by completing a task (usually a sum or picture identification).
- Multi-factor authentication: MFA goes further than Captcha by essentially requiring proof that the person logging in is the person who created the account. Most forms of MFA include answering a personal question, but some go as far as identification through biometrics.
- Using better passwords: Ensure that your users create passwords that are long, complex and not made up of known words. If you can make your passwords a random combination of letters, numbers and special characters (at least 10 characters in length), you make it significantly harder to crack your password through brute force.
- Monitor attempted logins: If you are continuously monitoring login attempts, you should be able to easily spot when there has been an unusually large number of failed logons over a short period of time. You can then take steps to disable the user account in question whilst you investigate.
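To make the "Using better passwords" point above concrete, here is an added example (not part of the original article) that checks a candidate password against a small constructed common-password list, counts the character classes it uses, and estimates how long exhausting its search space would take at an assumed guess rate. The word list, the 1e9 guesses-per-second rate and the 10-character minimum are all assumptions chosen for illustration; the time estimate is an upper bound, since human-chosen passwords are far less random than the calculation assumes.

```python
import string

# Constructed stand-in for the much larger "most commonly used passwords" lists
# that dictionary tools are fed (hypothetical, not a real leaked list).
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome", "sunshine"}

# Assumed guess rate; real rates depend on the hash and the attacker's hardware.
GUESSES_PER_SECOND = 1e9

# Character pools used when estimating the search space.
_POOLS = (
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation, len(string.punctuation)),  # 32 printable symbols
)


def character_classes(password: str) -> int:
    """Number of distinct character classes (lower, upper, digit, symbol) present."""
    return sum(1 for pool, _ in _POOLS if any(c in pool for c in password))


def charset_size(password: str) -> int:
    """Size of the smallest combination of standard pools that covers the password."""
    return sum(size for pool, size in _POOLS if any(c in pool for c in password))


def search_space(password: str) -> int:
    """Number of candidates an exhaustive search must cover for this length and pool."""
    return charset_size(password) ** len(password)


def seconds_to_exhaust(password: str, rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case time to try every candidate at the assumed guess rate (upper bound)."""
    return search_space(password) / rate


def check_policy(password: str, min_length: int = 10, min_classes: int = 3) -> list:
    """Return the list of policy failures; an empty list means the password passes.

    A dictionary hit is reported first because it makes the search-space
    estimate meaningless: the attacker never has to search at all.
    """
    problems = []
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common-password list; a dictionary attack finds it immediately")
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if character_classes(password) < min_classes:
        problems.append(f"uses fewer than {min_classes} character classes")
    return problems


if __name__ == "__main__":
    for candidate in ("sunshine", "butterfly", "xK9#qLm2$vT7"):
        print(candidate, check_policy(candidate) or "OK",
              f"~{seconds_to_exhaust(candidate):.3g} s to exhaust")
```

Running the script shows the contrast the article draws: a single dictionary word fails before any searching is needed, a nine-letter lowercase word is exhausted in well under a second at the assumed rate, and a 12-character mix of all four classes pushes the worst case out by many orders of magnitude.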
Active Directory Auditing – A Solution to Help Prevent Brute Force Attacks
By far the most effective way to detect and prevent brute force attacks is through proactive and continuous monitoring of your Active Directory. With an Active Directory auditing solution like LepideAuditor, you can closely monitor attempted logins and even use threshold-based alerts to flag unusual behavior in real time. Once you have detected a potential attack, custom scripts can be generated to automatically shut down a particular user account, computer or server.
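The threshold-based alerting described here, and the "Monitor attempted logins" item in the list above, come down to counting failed logons inside a time window. The following is an added example written for this article, not LepideAuditor's code or any real product's format: it parses constructed syslog-style lines, raises an alert when one account accumulates too many failures within the window (the classic brute force pattern), and a second alert when one source address fails against too many distinct accounts within the window (the reverse brute force pattern from the attack-types section). The log format, the source addresses, the 60-second window and the thresholds are all assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not real data). 203.0.113.0/24 and 198.51.100.0/24 are
# documentation address ranges. One source hammers a single account; another
# tries one guess each against several accounts.
SAMPLE_LOG = """\
2024-05-01T10:00:01 auth FAIL user=alice src=203.0.113.5
2024-05-01T10:00:03 auth FAIL user=alice src=203.0.113.5
2024-05-01T10:00:05 auth FAIL user=alice src=203.0.113.5
2024-05-01T10:00:07 auth FAIL user=alice src=203.0.113.5
2024-05-01T10:00:09 auth FAIL user=alice src=203.0.113.5
2024-05-01T10:00:11 auth FAIL user=alice src=203.0.113.5
2024-05-01T10:00:12 auth OK user=frank src=198.51.100.20
2024-05-01T10:00:15 auth FAIL user=bob src=203.0.113.9
2024-05-01T10:00:16 auth FAIL user=carol src=203.0.113.9
2024-05-01T10:00:17 auth FAIL user=dave src=203.0.113.9
2024-05-01T10:00:18 auth FAIL user=erin src=203.0.113.9
2024-05-01T10:00:30 auth FAIL user=grace src=198.51.100.21
2024-05-01T12:30:00 auth FAIL user=alice src=203.0.113.5
"""

# Assumed line layout: "<ISO timestamp> auth <FAIL|OK> user=<name> src=<address>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>FAIL|OK) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_line(line: str):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "result": m["result"],
        "user": m["user"],
        "src": m["src"],
    }


def detect(lines, window=timedelta(seconds=60), account_threshold=5, source_threshold=4):
    """Return alerts as (kind, key, count) tuples, one alert per account or source.

    A sliding window (deque) per account holds recent failure timestamps; a
    sliding window per source holds (timestamp, user) pairs so distinct targets
    can be counted. Successful logons are ignored by this detector.
    """
    alerts = []
    per_account = defaultdict(deque)
    per_source = defaultdict(deque)
    alerted_accounts, alerted_sources = set(), set()

    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["result"] != "FAIL":
            continue
        ts = ev["ts"]

        # Classic brute force: many failures against one account in a short time.
        q = per_account[ev["user"]]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= account_threshold and ev["user"] not in alerted_accounts:
            alerted_accounts.add(ev["user"])
            alerts.append(("account_bruteforce", ev["user"], len(q)))

        # Reverse brute force: one source failing against many different accounts.
        s = per_source[ev["src"]]
        s.append((ts, ev["user"]))
        while s and ts - s[0][0] > window:
            s.popleft()
        distinct_users = {u for _, u in s}
        if len(distinct_users) >= source_threshold and ev["src"] not in alerted_sources:
            alerted_sources.add(ev["src"])
            alerts.append(("reverse_bruteforce", ev["src"], len(distinct_users)))

    return alerts


def run_sample():
    """Run the detector over the constructed sample log."""
    return detect(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for kind, key, count in run_sample():
        print(f"{kind}: {key} ({count} in window)")
```

The two alert kinds deserve different responses. Disabling the account, as the article suggests, fits the per-account alert; for the per-source alert the individual accounts are each only one failure deep, so blocking or rate-limiting the source address is the more useful action, and it avoids locking out many legitimate users at once. The isolated failure for `grace` and the much later failure for `alice` fall outside the window and correctly raise nothing.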
Want to see a demo of how LepideAuditor can help you detect and prevent brute force attacks? Click here.