Brute Force: What it is and how to stay safe

What Are Brute Force Attacks?

Every 39 seconds that your company’s site goes unattacked is a miracle: reports have shown that a cyberattack occurs every 39 seconds. It’s a miracle because you escape an attack neither purely through how much cybersecurity hygiene you employ nor because the attacker has no need for the info on your site; every piece of information is valuable.

Rather, you are just lucky. But, it doesn’t have to be so.

Among the many methods that attackers use to commit their crimes is Brute Force. Knowing the nooks and crannies of this cyber threat might just help increase your seconds and reduce your chances of falling for an attack.

First, What Is Brute Force?

Brute Force is basically a trial-error-trial-success method that cybercriminals use to gain access to exclusive info. The attacker tries and retries multiple possible login details of the user until they guess the correct password and login credentials. With that, they have complete access to the user’s account or any other form of sensitive info.

This form of cyberattack is usually carried out by bots. Hence, it doesn’t always take too long before they guess the correct password.

Types Of Brute Force

From simple to sophisticated to target-specific, brute force attacks vary in form and in how intense they can get. Here are some of the known types:

  • Simple Brute Force Attack: The attacker makes guesses based on what they think the password will be. In this case, the attacker doesn’t have any evidence to support picking a particular password except that it is likely. Examples are “Password” and “admin”.
  • Hybrid Brute Force Attack: The attacker makes multiple guesses of a possible password by trying different variations of either a previous password or what they believe would likely be the password. For example, if the user’s birthday is 1214, the attacker will also try 2411, 2114, 4211, and so on.
  • Dictionary Attack: The attacker tries to access the user’s account by trying common words or phrases.
  • Credential Stuffing: Here, attackers take the details of users who were previously hacked on one site and reuse them on another site.
  • Reverse Brute Force: It’s just as the name says. Unlike the usual brute force attack, where the attacker has to guess the password (and sometimes the username), here the attacker only guesses a bunch of usernames and tries them against a password. This is because they already know the password.

Brute Force Attack Tools

Cybercriminals have tools in their favor that help improve the speed and efficiency of their brute force attacks. Some of these tools are quite cheap and easy to access, and some are free. Here are some of the notoriously popular ones:

  • Aircrack-ng: Compatible with Android, Windows, Linux, and Os, this free tool is used to break through Wi-Fi networks and Network Interface Card (NIC).
  • Hashcat: Working with Windows, Linux, and OS X, this free tool can be used to carry out simple and hybrid brute force attacks.
  • John The Ripper: Also free, this tool works with 15+ platforms, including Unix, Windows, and DOS.
  • THC Hydra: Constantly being updated, The Hacker’s Choice (THC) tool works best for cracking passwords using dictionary attacks. It supports Windows, Linux, and Mac OS.

These tools, despite being used by attackers, also come in handy for penetration testers when checking the durability of companies’ security.

How to reduce brute force attacks

Since brute force attacks fall under the umbrella of cyber threats, the usual actions that protect against cyberattacks are the same ones that you should take to improve your safety against brute force. Your users are also at risk. Here are some tips on how you can protect them and how they can protect themselves:

  • Craft genius passwords.
  • Your passwords must be something exclusive to you and you alone.
  • Avoid common passwords like admin, password, 123456, etc. You can use password generators like Google Password generator and Kaspersky.
  • Enable Multi-Factor Authentication on your site.
  • Safeguard your passwords. Don’t just write them down where anyone can find them.
  • Use different passwords for different sites.

A lot can happen within a second

Time is of the utmost importance. A security editor at Ars Technica revealed a computer cluster capable of cracking 350 billion passwords per second, and that was in 2012! Who knows the type of creations attackers have come up with today?

For this reason, you must follow the tips listed above to improve your cyber security efficiency.

Farouk Ahmed