What Is A Brute Force Attack? What You Need To Know To Stay Safe

A brute force attack is an increasingly popular method through which hackers gain unauthorized access to sensitive data by guessing passwords. Verizon’s 2020 Data Breach Investigations Report found that over 80% of data breaches are caused by hacking involving “brute force or the use of lost or stolen credentials.” Brute force attacks are only becoming more popular due to increased cybersecurity vulnerabilities connected to the rise of remote work.

Let’s explore some of the common characteristics of this threat before determining how to prevent brute force attacks.

What is a brute force attack?

Simply put, a brute force attack is a trial-and-error method where a hacker or bot simply tries to guess login credentials. The term “brute force” comes from the hacker relentlessly trying every possible password until they stumble upon the one that works, gaining unauthorized access to data by sheer force of will.

How does a brute force attack work?

There are many different types of brute force attacks, each with their own methodology. It’s a good idea to familiarize yourself with the different types in order to best determine how to prevent brute force attacks:

• Simple brute force attacks. This occurs when a hacker tries to guess the password manually, typically by trying common, easily guessable passwords like “password” or by gleaning personal information like birthdays and children’s names from the target’s online presence.
• Dictionary attacks. This occurs when a hacker attempts to break into an account by using a pre-selected list of passwords built with that target in mind.
• Hybrid brute force attacks. As the name suggests, this is a combination of two attack methods, namely dictionary attacks and simple brute force attacks. The bad actor starts with a list of words and then plays around with number and character combinations added to the password. For example, many passwords have a small string of numbers tacked on at the end to denote years, dates, and other personal information.
• Reverse brute force attack. This occurs when a bad actor comes in possession of a password following a network breach and searches for the matching user login.
• Password spraying. Instead of choosing an account and then trying innumerable password combinations until the account is unlocked, the hacker chooses a common password and then tries it out on multiple accounts until one unlocks.
• Credential stuffing. This occurs when a bad actor uses passwords and login credentials stolen from one organization and uses them to try to break into accounts at other organizations. Credential stuffing is successful because people commonly use one password across multiple accounts.

How to prevent brute force attacks

The good news is that brute force attacks are preventable. First and foremost, passwords should be optimized for security. For example, any weak, commonly used password, like “123456,” “password,” or “111111” should be changed immediately. With that in mind, it’s a good idea to bypass passwords containing any dictionary words. A combination of numbers and letters is harder to guess than a password using words and phrases, especially if they contain easily obtainable personal details.

Also, each password should be unique to each account. The last thing you want to do is unwittingly hand over what’s known as “the keys to the kingdom” and allow a bad actor access to all of your professional and personal accounts at once.

On an organizational level, instituting a security feature that locks users out of an account after a handful of unsuccessful login attempts will go a long way towards protecting your business’s data. Two-factor authentication is another popular, not to mention effective preventative measure for combatting brute force attacks and credential stuffing.

Be proactive

The best way to avoid falling victim to cyberthreats is by staying vigilant and following cybersecurity best practices, such as setting your passwords to auto-expire or never containing your personal information within them. SiteLock can help you safeguard your data against brute force attacks and countless other threats. Get in touch today to find out how.