Brute force attack definition
A brute force attack uses relentless trial and error to decode sensitive data like passwords or encryption keys. An attacker typically uses an application to attempt to guess data over and over, using all possible combinations until the correct one is found. A common example of a brute force attack is trying possible password combinations until the correct password is discovered. In a network, a successful attack can be used to deliver various types of malware that may spread throughout the network.
The term "brute force" refers to a physical attack, like something you might have seen in a movie, where attackers try to break through a locked door by ramming it over and over until it breaks. Another analogy could be trying to break into a building by trying every key that the security guards have until one unlocks the door.
Brute force attacks usually use an automated tool, so they don't require as much skill as more complex types of attacks. They can be time-consuming because they have to try many different possibilities until the right one is found, but with brute force attacks on passwords, for instance, weak passwords can make the task go faster. A short password of just three or four letters or numbers has a much smaller number of possible combinations than a long, complex password with capital and lowercase letters, numbers, and symbols.
Types of brute force attacks
A dictionary attack involves the attacker identifying a specific target and trying possible passwords from a dictionary, or alternatively from another source such as lists of passwords from data breaches.
Reverse brute force attack
In a reverse brute force attack, instead of guessing many possible combinations of passwords, the attacker guesses a common password or collection of common passwords with many possible usernames. Most organizations standardize the format of their employees' usernames, such as [first initial][last name] or [first name][.][last name], so knowing this, and perhaps having a list of employee names (scraped from LinkedIn or a public company directory) can help with this type of attack, especially if employees are not required to use complex or unique passwords.
In a credential stuffing attack, the attacker isn't just guessing at usernames or passwords; they have a list of valid username and password combinations and they try these out on various systems. These lists often come from data breaches, which is one reason re-using passwords is typically not a good idea.
Rainbow table attacks
Rainbow tables are precomputed tables of plaintext passwords and their corresponding hash values. A rainbow table attack involves using this pre-calculated data to determine a password based on its hash value. Often in this type of attack, the attacker has found or stolen a database of passwords.
Brute force attack news
Brute force attacks on business networks & RDP connections
A brute force attack on a company network may be the first step to a more complex attack. Using one endpoint or RDP connection, an attacker could infiltrate the company network, gather information, and attack from inside. Ransomware attacks on businesses of all sizes have been increasing steadily, and a brute force attack could be the first step to a major ransomware infection that brings business to a standstill.
Companies are increasingly using RDP to enable remote work, so more attackers are targeting RDP endpoints. The massive transition to work from home in 2020 caused a proportionate increase in remote desktop protocol (RDP) connections. Increasingly, IT professionals are using RDP to assist their remote workforce, and at home, workers are using RDP to access workstations and file servers in their offices. The rise of RDP connections is also unfortunately correlated to the influx of brute force attacks by cybercriminals. In fact, between March and April 2020, brute force attacks increased from 200k to over 1.2M per day in the United States according to BleepingComputer.
Brute force attacks are simple and reliable. Once a cybercriminal discovers the correct password to an available RDP connection, they can gain access to the endpoint and deposit any type of malware to infect the endpoint and spread laterally throughout the network. Brute force attacks are becoming an extremely common means of spreading ransomware, which often demands high payments and causes long periods of downtime.
Brute force attacks on RDP connections are part of the remote work “new normal.” Cybercriminals are heavily targeting RDP password vulnerabilities to deposit malware, such as ransomware and spyware. The Brute Force Protection feature minimizes RDP connection exposure and blocks attacks as they happen.
The Brute Force Protection feature offered by Malwarebytes reduces vulnerabilities of RDP connections. By tracking repeated failed login attempts, Malwarebytes can selectively block malicious Host IPs, preventing the cybercriminal from successfully completing a brute force attack and infecting endpoints with malware payloads.