The abrupt changes in the work environment due to the ongoing pandemic have led cyber criminals to exploit vulnerabilities in the remote workforce. With workers accessing company systems through Remote Desktop Protocol (RDP) from less-secure home networks, it has become easier for hackers to compromise an office system. Despite the increasing use of RDP, most companies still pay little attention to its settings and security infrastructure, paving the way for cyber criminals to easily access the system.
What are Brute Force Attacks?
A brute force attack is a trial-and-error method in which the hacker submits a series of passwords or login details to get past a login page or into a system. The hacker tries all the possible password combinations and phrases in the hope of eventually guessing the correct password.
Types of Brute Force Attack
- Dictionary Attack: A dictionary attack is the method of trying to enter a system or web page by entering each word from a dictionary of possible passwords. This method often needs many attempts.
- Simple Brute Force Attack: A simple brute force attack is the method of iterating through all the possible passwords, one at a time. This is commonly done with local files, which do not have limits on the number of login attempts.
- Hybrid Brute Force Attack: A hybrid brute force attack uses a combination of the dictionary attack and an iterative pattern. The dictionary words are modified, for example by adding numbers and changing the letter case.
- Credential Stuffing: A credential stuffing attack reuses passwords. This method uses usernames and passwords from previous data breaches. This stresses the importance of updating passwords regularly or after a data breach.
How to Prevent Brute Force Attacks?
- Lengthy Passwords: Use lengthy passwords, which take more combinations to reach. A 4-character password is easy to crack compared to an 8-character password.
- Complex Passwords: Use complex passwords that are difficult to guess. Instead of an all-letters or all-numbers password, use a combination of letters and numbers.
- Limit Login Attempts: Brute force attacks rely on multiple login attempts. Limiting the number of login attempts restricts the user from trying more than a certain number of passwords.
- Implement Captcha: Implementing captcha is a good way to prevent bots and other automated tools from performing actions on the web page or system.
- Multi-factor Authentication: Add another layer of protection to your data with multi-factor authentication. A two-factor authentication method will require you to enter a one-time password or unique code generated by an automation tool, even after a successful login.
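The "Limit Login Attempts" measure above can be sketched as a sliding-window throttle. This is an added example, not code from the original article; it counts failures both per account and per source address so that it also covers the credential stuffing pattern described earlier. The class name, thresholds and sample events are assumptions made for illustration.

```python
from collections import defaultdict, deque
class LoginThrottle:
    """Sliding-window limit on failed logins, tracked per account and per source."""

    def __init__(self, max_failures=5, window=300, lockout=900):
        self.max_failures = max_failures    # failures tolerated inside the window
        self.window = window                # seconds a failure stays counted
        self.lockout = lockout              # seconds a key stays blocked once tripped
        self.failures = defaultdict(deque)  # key -> timestamps of recent failures
        self.blocked_until = {}             # key -> time at which the block expires

    def _keys(self, username, source):
        # Account key: guessing against one user. Source key: one host trying many users.
        return (("user", username.lower()), ("src", source))

    def allowed(self, username, source, now):
        """True if an attempt at time `now` may be passed on to authentication."""
        return all(self.blocked_until.get(k, 0) <= now for k in self._keys(username, source))

    def record(self, username, source, success, now):
        """Record an attempt's outcome and return the keys it newly locked out."""
        if success:                         # a good login resets the account counter only
            self.failures[("user", username.lower())].clear()
            return []
        tripped = []
        for key in self._keys(username, source):
            q = self.failures[key]
            q.append(now)
            while q[0] <= now - self.window:
                q.popleft()                 # forget failures older than the window
            if len(q) >= self.max_failures:
                self.blocked_until[key] = now + self.lockout
                q.clear()
                tripped.append(key)
        return tripped

def replay(events, throttle):
    """Run (time_s, user, source, success) events; return (rejected, lockouts)."""
    rejected, lockouts = 0, []
    for now, user, source, success in events:
        if throttle.allowed(user, source, now):
            lockouts += throttle.record(user, source, success, now)
        else:
            rejected += 1                   # blocked attempts never reach authentication
    return rejected, lockouts

# Constructed sample events; addresses come from the documentation ranges.
SAMPLE = ([(t * 10, "alice", "203.0.113.7", False) for t in range(6)]          # one account guessed
          + [(100 + i, f"user{i}", "198.51.100.9", False) for i in range(6)]   # one source, many accounts
          + [(1000, "alice", "192.0.2.20", True)])                             # after the lockout expires
```

Calling `replay(SAMPLE, LoginThrottle())` shows the account counter tripping on the repeated guesses against one user, while the source counter trips on the host that tries a different user each time.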