Brute Force Attacks in Cybersecurity
I am very happy to touch on these topics in cybersecurity. Between the specialization that I am taking and the comments from colleagues and friends, I have taken on the task of writing about specific topics, in the same way that I write about general training in IT and cybersecurity, as well as about advanced topics and even some topics that are not well known.
This article brings together the experiences of people who already have years of experience in the field, as well as my own experiences from 22 years of enjoying technology and watching how the world is changing.
The subject of cyberattacks is very extensive and changes every day. Without a doubt, today we cannot catch up with cybercriminals: their sponsors provide them with economic resources, as well as enormous computing capacity and very advanced emerging technology.
Today we will talk about brute force attacks.
First, some general context. The use of complex and unique passwords is basic knowledge, and it is considered a simple measure that every company must take to protect its devices. This practice arises, in part, as a response to brute force attacks: cyberattacks that consist of cracking access credentials by trial and error.
Well, let's start by defining: What is a brute force attack?
A brute force attack is a repetitive and systematic attempt to crack a password, key or credential by trying all possible combinations until the correct one is found. These cyberattacks do not require a complex strategy, only the trial-and-error method applied to different combinations of characters. The important thing here is the computing capacity to process those thousands or millions of attempts.
The mechanics are as follows: because they must make a large number of attempts before finding the correct password, cybercriminals usually create bots or botnets to try a huge number of possible passwords at the same time, thus reducing the time it would take to gain access to the victim's personal or confidential data.
In practice, this attack method is usually used to crack usernames, passwords, encryption keys, API (Application Programming Interface) keys and SSH (Secure Shell) logins, the latter being a program that allows remote access to a server over a secure channel.
Domains or networks suffer an attack of this type because the objective is to compromise passwords. I remember one occasion when a cybersecurity administrator told a user: “Your network user was being attacked and it is your responsibility.” This happens when you do not have appropriate, trained personnel in the area of network security. In the first instance, the cybersecurity infrastructure must detect these attacks and mitigate them, so that the user never even notices. Imagine the kind of ignorance it takes to tell the user that it is their fault. Let's really analyze it: when is it their responsibility?
Generally these attacks are targeted; there is an objective that the cybercriminals are pursuing. I tell you this because it is necessary, indeed mandatory, to train users in cybersecurity. However, given the number of events, their nature and their technical background, it seems to me that the technical information is too much for a normal user. The important thing is to see where we have the gap: whether our password systems lack the necessary robustness, variability and complexity, whether passwords avoid any coincidence with the company or the user (12 digits is only an example), and of course whether multi-factor authentication is added.
So let's not let ourselves be scared without a real, technical basis. So far I do not know of an internal brute force attack, but I do know of users who visit pages where bad guys can take their email, their username and their domain, and with this they already have a lot of information to mount an attack of this type, at least.
So, with this I answer the question: it is a shared security responsibility, first the business policies and their defense mechanisms, and second the way the user navigates the Internet and the large number of applications in the cloud. If you train your users or carry out awareness campaigns, you will achieve much more than by threatening them with a course and exams full of technical terms that are not useful to the user. On the contrary, that lends itself to confusion, all the more so if the business is global. Sadly, I have personally witnessed this type of action, and believe me, it can leave you inoperative or lose you clients, for not recognizing the differences between countries in internal process, language and government laws. Such a security policy is authoritarian and not at all flexible, so it could even be labeled as not very functional. There are better ways to extend it to the entire company, regardless of the country.
Types of brute force attacks
There are different types of brute force attacks. What they have in common is that they all try different combinations until they reach a user's password, and that they are external:
Credential stuffing
Credential stuffing consists of taking advantage of leaked passwords and trafficked data, which can be purchased on the Dark Web, to fill in access fields on multiple platforms until one matches.
This method is extremely effective even if the user has a complex password, because many people use the same password, which may have been previously leaked, on multiple accounts, despite knowing that this is a security weakness (this must be included in user training: do not use the same password for all your accesses, especially remote ones).
Simple brute force attacks
Simple brute force attacks use the trial-and-error method described above, trying random character combinations until the victim's credentials are cracked. They are usually successful if the user uses short passwords, with combinations of numbers and/or words that are easy to guess, like "12345678" or the victim's birthday, for example.
Reverse brute force attack
Instead of creating credentials at random to get the right one, in this case cybercriminals take advantage of databases with collections of widely used passwords that are available online and try these passwords on multiple websites until they have a match.
Hybrid brute force attacks
Hybrid attacks are carried out with a computer program that uses external logic to determine which character combinations are most likely to be the correct password, and then tests all variations of that character set.
Dictionary attack
Dictionary attacks use common words, extracted from the dictionary, and modify some letters with special characters or numbers to crack passwords. Therefore, it is not advisable to use simple words or phrases that could be in a dictionary as passwords.
Password Spraying
Password spraying attacks involve choosing a small group of common passwords and carrying out multiple login attempts to different user accounts.
It is useless to have the most advanced cybersecurity measures if passwords that are too easy to guess are used to protect user accounts. For this reason, for authentication systems to be effective, it is necessary to implement a secure password policy and other measures to prevent the main cyberattacks directed at passwords.
It must be recognized that brute force attacks use the processing power of one or more servers in order to guess a password, also hand in hand with AI and machine learning. Sometimes, brute force password attacks are so advanced that they simulate requests from different IP addresses, with the aim of evading measures such as the attempt limit, while trying all combinations of a set of symbols to deduce a password.
Session token theft
Another password attack that malicious hackers often use is the theft of session tokens. To do this, they send malicious links to victims and inject code into their browsers, thus executing commands that send them the victims' private information, such as their session tokens. I mention this because it is linked to a user action or a breach in our policies.
Password spraying
This credential-based attack attempts to access many accounts by trying only a few common passwords. This is the exact opposite of a brute force attack, which targets a given account and tries many, many password combinations.
In this case, the attacker tries the same common password, for example “12345678” or “M0tdepasse”, on many, many accounts and then tries again with a different password, since a password is tried on all the accounts in a list before moving on to the next. This technique prevents the hacker from being detected and any accounts from being locked, due to the time between attempts, so if a user's or account's password management practices are poor, the hacker will be able to get in.
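Telling the two patterns above apart in authentication logs, as an added example that is not part of the original article: a per-account lockout counter sees only one failure per sprayed account, so this sketch also counts how many distinct accounts fail inside one time window, and it ignores the source address because the article notes that attackers simulate requests from different IPs. The log format, the thresholds and all sample values are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log; the line format and every value are illustrative.
SAMPLE_LOG = """\
2024-05-01T08:00:00 FAIL user=root src=198.51.100.7
2024-05-01T08:00:05 FAIL user=root src=198.51.100.7
2024-05-01T08:00:10 FAIL user=root src=198.51.100.7
2024-05-01T08:00:15 FAIL user=root src=198.51.100.7
2024-05-01T08:00:20 FAIL user=root src=198.51.100.7
2024-05-01T09:00:00 FAIL user=alice src=203.0.113.11
2024-05-01T09:02:00 FAIL user=bob src=203.0.113.12
2024-05-01T09:04:00 FAIL user=carol src=203.0.113.13
2024-05-01T09:05:00 OK user=frank src=192.0.2.10
2024-05-01T09:06:00 FAIL user=dave src=203.0.113.14
2024-05-01T09:08:00 FAIL user=erin src=203.0.113.15
2024-05-01T12:00:00 FAIL user=frank src=192.0.2.10
"""

def parse_failures(log):
    # Keep failed logins only, as sorted (time, user, source) tuples.
    events = []
    for line in log.splitlines():
        ts, outcome, user, src = line.split()
        if outcome == "FAIL":
            events.append((datetime.fromisoformat(ts),
                           user.partition("=")[2], src.partition("=")[2]))
    return sorted(events)

def detect(events, window=timedelta(minutes=10), per_account=5, spray_accounts=4):
    alerts = {"brute_force": set(), "password_spray": set()}
    start = 0
    for end in range(len(events)):
        while events[end][0] - events[start][0] > window:
            start += 1  # drop failures older than the window
        per_user = defaultdict(int)
        for _, user, _ in events[start:end + 1]:
            per_user[user] += 1
        # Many failures against one account: classic brute force.
        alerts["brute_force"].update(u for u, n in per_user.items() if n >= per_account)
        # Many accounts, each below the lockout threshold: spraying.
        # The source address is ignored on purpose (rotating IPs).
        low = [u for u, n in per_user.items() if n < per_account]
        if len(low) >= spray_accounts:
            alerts["password_spray"].update(low)
    return alerts

if __name__ == "__main__":
    print(detect(parse_failures(SAMPLE_LOG)))
```

The window and both thresholds have to be tuned against the normal rate of failed logins in the environment being monitored.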
Some password attacks combine several of the tools and methodologies presented above to improve their chances of success. However, in most cases, successful hacks are largely due to poor password management practices, which is why it is imperative to be informed about the care of information in digital media in order to mitigate the possibility of suffering one of these attacks.
Protect yourself
Taking appropriate security measures and being alert and aware when online are key ways to prevent cyber intrusions and online crimes. Remember, we must learn how to protect our computer, network and personal information.
An example of awareness days:
October is Cybersecurity Awareness Month and the FBI reminds the public to be cyber smart all year round. National Cybersecurity Awareness Month, now in its 20th year, is organized by the Department of Homeland Security and the National Cybersecurity Alliance. Multiple agencies, including the FBI, are collaborating to raise awareness about cybersecurity and emphasize the collective effort needed to stop cyber intrusions and online theft and scams.
Source FBI:
What dangers are involved in a brute force attack?
Please note that once a cybercriminal verifies the correct password or credentials, they gain access to protected accounts or systems and can compromise the privacy of sensitive data. We know this can include personal information, social media accounts, financial data, sensitive commercial information and user passwords.
Friends, I leave you with the following thought: brute force attacks are among the simplest there are, yet they are very successful. Imagine not having our security policies hardened; if brute force attacks are combined with other methods and technologies, the attacker's breach capacity is almost 100% successful.
I look forward to your comments, especially if anyone knows of an internal brute force attack, if someone has been blocked and does not know why, or from those who, unfortunately, in the most arbitrary and out-of-context way, are threatened into completing overly technical courses, instead of creating awareness and tranquility.
We will continue with basic topics of cyberattacks and gradually raise the level. You will see how interesting it is and why those responsible for a company's cybersecurity must be up to date and prepared. We must also know how to use vulnerability tools, for example, the reverse shell.
Greetings from Mexico,