Cyberattackers that target passwords, also known as password cracking, is one of the most common techniques used in compromising secured data. Password attacks have left even the biggest companies vulnerable, including Yahoo and Adobe. Taking proper precautions to protect the passwords your organization uses and processes, therefore, is essential.
The most common forms of password attacks are known as “dictionary” and “brute force.” Here is what you need to know about these password attacks.
Brute Force Password Attack
Brute force is considered one of the most widely known password attacks where the hacker inputs as many arbitrary password combinations as possible – until something works. Brute force password attacks may use existing password lists (such as those found on the Dark Web) or bots, which automatically generate password combinations to facilitate a data breach.
Brute force is considered a form of cryptoanalytic attack because hackers employ invasive tactics to compromise encrypted, restricted data found in information systems. Brute force password attacks are pervasive and also among the most popular cyberattack methods because password generation can be automated rapidly and in high volumes.
What are some signs that your organization was a victim of a brute force password attack?
In addition to excessive failed password attempts, there are telltale signs that you have been hacked with brute force, including:
- Numerous login attempts with multiple usernames from the same IP address
- Multiple login attempts with a single account coming from numerous IP addresses
- Bandwidth consumption that is beyond the amount use for a single login session
How do I protect myself from brute force password attacks?
As one of the most common password attack vectors, there are several ways to protect your company from a data breach:
- Restrict attempts: put a cap on the number of login attempts a single user may make
- Delay time between attempts: holding up the process for making multiple password attempts will help IT managers to detect suspicious activity and act on it
- Lock out suspected IP addresses: although you can put an IP address block when too many attempts are made, be aware that bots can generate attempts from multiple IP addresses, rendering them undetectable
- Enlist detection and mitigation tools: there are information security tools that can help you to detect, identify and mitigate threats such as password attacks. For example, the Open Source HIDS SECurity (OSSEC) will help to detect intrusions. Site scanners will also help to pinpoint password attacks. Threat modeling will help you to identify such threats then implement security requirements to mitigate them.
Dictionary Password Attack
The dictionary password attack is a method of breaking into a password-protected system by using a predefined program or script. This form of hack is called “dictionary” attack for a reason. Hackers use password combinations – including words, phrases, and letter and character combinations – that are most likely to succeed.
Why does the dictionary password attack affect so many people?
This method is particularly dangerous because of basic human error. People tend to keep passwords that are short and easy-to-remember, e.g. “password123.” Application and system users are also inclined to use predictable word variations, such as appending numbers and characters at the end of common dictionary words.
Computer system users may forget to change the password from the factory default. Hackers can do some investigating and obtain this information to try some password combinations. If a hacker obtains a list of employee names, they can try variations on username credentials to blow a computer system wide open.
How can I protect myself from brute force password attacks?
Preventing unauthorized password access via dictionary attack mitigation is relatively straightforward:
- Enforce strict password creation policy requiring long, complex passwords
- Require users to change their password on a regular basis
- Make sure users change from the default vendor password upon first use
Protect Your Organization From Common Password Attacks
ThreatModeler is an award-winning software platform that automates the creation of threat models that map out security threats on a threat surface. ThreatModeler will protect an organization from the Open Web Application Security Project™ 10 most common cybersecurity threats (OWASP Top 10), including common password attacks. ThreatModeler is the industry’s top rated platform for cloud security threat mitigation through threat modeling.
To learn more about why ThreatModeler is an excellent choice for your enterprise, request a free evaluation of the ThreatModeler platform or contact us to speak with an application threat modeling expert today.