How Does a Brute Force Attack Work
By Adam
A brute force attack, sometimes called brute force cracking, is the equivalent of trying every key on your keyring until you find the right one. Brute force attacks were responsible for 5% of verified data breach events in 2017 and have pushed various industries to adopt protections, such as one-way data encryption in healthcare.
Brute force attacks are straightforward and dependable. Attackers let a machine do the work, such as trying many username and password combinations until one works. Detecting and stopping a brute force attack in progress is the best defense: once attackers gain access to the network, they become considerably more difficult to detect.
Brute Force Attack Types
A dictionary attack is the most basic type of brute force attack, in which the attacker goes through a dictionary of potential passwords and tries them all. Dictionary attacks start from assumptions about typical passwords and guess from a dictionary list. Given newer and more powerful tactics, these attacks are becoming rather obsolete.
Computers from the last ten years or so can brute force an 8-character alphanumeric password with capital and lowercase letters, digits, and special characters in around two hours. Computers are powerful enough to brute force a weak encryption hash in a few months. An exhaustive key search is a type of brute force attack where a computer attempts every possible combination of every possible character to find the correct combination.
Credential recycling is another type of brute force attack that attempts to break into other systems by reusing usernames and passwords from previous data breaches.
The reverse brute-force attack begins with a popular password, such as “password,” and then attempts to brute force a username to go with that password. Because “password” is one of the most commonly used passwords, this method is more effective than you might expect.
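The attack types above leave different traces in authentication logs, which is what makes detecting them in progress practical. The following is an added example, not code from the original article: it flags sources that produce a burst of failed logins and separates the one-account pattern from the many-accounts pattern. The log line format, the threshold, and the five-minute window are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format (hypothetical): "<ISO timestamp> OK|FAIL src=<ip> user=<name>"
LINE = re.compile(r"^(\S+) (OK|FAIL) src=(\S+) user=(\S+)$")

def parse(lines):
    """Yield (timestamp, succeeded, source, username) for well-formed lines."""
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            ts, result, src, user = m.groups()
            yield datetime.fromisoformat(ts), result == "OK", src, user

def classify_sources(lines, window=timedelta(minutes=5), threshold=5):
    """Map each source with >= threshold failures inside `window` to a label."""
    failures = defaultdict(list)
    for ts, ok, src, user in parse(lines):
        if not ok:
            failures[src].append((ts, user))
    verdicts = {}
    for src, items in failures.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            # Slide the window start forward until it spans at most `window`.
            while items[end][0] - items[start][0] > window:
                start += 1
            burst = items[start:end + 1]
            if len(burst) >= threshold:
                users = {u for _, u in burst}
                # Many accounts from one source matches reverse brute force; logs
                # without passwords cannot tell it apart from credential recycling.
                verdicts[src] = ("reverse brute force" if len(users) >= threshold
                                 else "brute force")
                break
    return verdicts

# Constructed sample data (documentation IP ranges, invented usernames).
SAMPLE = (
    [f"2024-05-01T10:00:{s:02d} FAIL src=203.0.113.5 user=alice" for s in range(0, 60, 10)]
    + [f"2024-05-01T10:01:{i * 10:02d} FAIL src=198.51.100.7 user={u}"
       for i, u in enumerate(["alice", "bob", "carol", "dave", "erin"])]
    + ["2024-05-01T10:02:00 FAIL src=192.0.2.10 user=bob",
       "2024-05-01T10:02:20 OK src=192.0.2.10 user=bob"]
    + [f"2024-05-01T{h:02d}:30:00 FAIL src=192.0.2.44 user=carol" for h in range(11, 16)]
)

if __name__ == "__main__":
    for source, label in classify_sources(SAMPLE).items():
        print(source, label)
```

The source with one failure per hour is not flagged by this window, so slow guessing needs a longer window or a per-account failure count alongside the per-source one.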
The Reasons for Brute Force Attacks
Brute force attacks often occur during the reconnaissance and penetration stages of the cyber kill chain. Brute force approaches are a “set it and forget it” method of gaining access to targets. Once inside the network, attackers can employ brute force tactics to escalate their privileges or carry out encryption downgrade attacks.
Brute force attacks are also used by attackers to find hidden web pages: pages that exist on the internet but are not linked to from other pages. A brute force attack checks many addresses to determine whether they return a legitimate web page and then looks for a page to exploit. That could be a page with a software flaw in the code that they might use for infiltration, such as the hole exploited to breach Equifax, or a page that exposes a list of usernames and passwords to the public.
Because a brute force attack requires minimal subtlety, attackers can automate many attempts to run in parallel to increase their chances of getting a positive outcome.
Source: Social Media Explorer