What are brute force attacks and how should they be prevented?
Brute Force attacks Unlike other cyber attacks such as DDoS and XSS attacks. Brute Force has nothing to do with the vulnerabilities on the website. In fact, users with weak usernames and passwords are targeted by brute force attacks. In this article, we will become more familiar with this type of attack and introduce methods to prevent it.
What is a Brute force attack?
Brute force attacks occur when a hacker, with great effort and testing of a large number of usernames and passwords, targets the account of a person or persons. Hackers in brute force attacks usually try a large number of passwords in the hope that one of them will eventually be correct. This attack is like trying all the possible combinations in one lock. Except that hackers try all the possible possibilities in a much larger scale brute force attacks.
Passwords are not the only resources at risk of brute force attacks, but links, directories, usernames and emails are also hacked by cyber-criminals.
The target of Brute force attacks
The purpose of brute force attacks is to infiltrate information and resources that are restricted to other users. For example, access to an admin account, encrypted pages, or emails registered on a website are among the targets of a brute force attack.
In fact, accessing the information of a real account threatens the security of the entire website, and hackers can use it as part of their infected network.
How Brute Force attacks work
The most common type of brute force attack is a dictionary attack, which includes a list of identity documents in which a hacker tries to access a website admin account using common usernames and passwords. Dictionary attacks usually start with the simplest identity, such as username: Admin and password: 123456, and try more complex ones over time.
Public understanding is very important in identifying brute force attacks. For example, if you see somewhere that a person is constantly trying to log in to a specific account, it is very likely that they are running a brute force attack.
Other signs of a Brute force attack include:
- An IP address could not be entered into an account after several attempts.
- Multiple IP addresses failed to log in to a specific account after several attempts.
- Multiple IP addresses could not log in to your account in a short period of time.
Sometimes hackers use brute force attacks to add different accounts to a botnet to use in DDoS attacks. In addition, brute force hackers, by taking over the admin account of a website, perform tasks such as adding spam, spreading malware, and phishing users’ bank accounts.
Types of Brute Force attacks
Brutal force generally means trying all possible combinations to access an account. Of course, hackers use different types of attacks to increase their chances of success, the most common of which are as follows:
1- Simple Brute force
In simple brute force attacks, a hacker can use several methods, such as trying out all possible passwords. This type of attack is usually in Local Files because there is no login restriction in this section and most cyber attacks are successful.
2- Dictionary attacks
In this type of attack, instead of using random options, the hacker prepares a complete list of different words and passwords and tries all possible options to access the user’s account. Using a comprehensive list increases the chances of a hacker succeeding, but in general it can be that dictionary attacks generally require a lot of time and effort.
3- Brute force hybrid attack
In a hybrid attack, the hacker uses both a dictionary attack method and a simple brute force attack at the same time. Of course, instead of trying all the possible passwords, the hacker modifies or changes the words in the dictionary; For example, a hacker adds numeric characters to a dictionary list or applies uppercase and lowercase letters to them.
4- Reuse of user identity documents
Data and personal information leaks are so prevalent in today’s world. Using one password for multiple accounts puts the security of all those accounts at risk. The chances of success in this type of attack are very low and often depend on the amount of data leaked (username and password) in the information leak.
Hackers use stolen identity documents to try to connect to other people’s accounts. So if you feel that your information has been leaked on the Internet, you should immediately update the password and username of your other accounts.
How to prevent Brute force attacks
Since brute force attacks are not a weakness or vulnerability of a software, keeping it up to date is not enough to protect users. Of course, you can ensure your security against brute force attacks by following these tips:
1- Use of strong password
Weak passwords have a better chance of succeeding in brute force attacks. So choose a strong password for your account that includes the following features:
- Unique password
You must avoid duplicate passwords, otherwise your password and account security will be compromised. In other words, hackers can use duplicate usernames and passwords to compromise your other accounts on various websites and applications.
- Long password
The higher the password, the more likely a hacker is to try to guess it. Therefore, longer passwords are not easily hacked.
- Unpredictable password
You usually use information such as your name or whereabouts to remember your password without any hassle. In this case, other people who have this information can easily feel your password and log in to your user accounts. Some common options such as 123456 or common passwords are easy for cyber thieves to hack.
By following the above tips, you will greatly strengthen the security of your account against brute force attacks. Password recovery questions must follow the same rules; In fact, if your password is strong, a hacker can easily change your password by answering recovery questions. So always consider account recovery questions and answers that no one else knows about.
2- Restrict access to authentication URLs
The basic condition for performing brute force attacks is to send identity documents. If you change the URL of the login page, most malicious tools will stop. Unfortunately, if the link is visible on the page or the hacker can guess it, this action has little effect on the performance of the attacks. (This is especially important on WordPress websites. Be sure to change the default admin dashboard access address. It is wp-login, to another custom address with extensions that are also unpredictable.)
3- Limit the number of logins
Brutal force attacks work through countless passwords and accounts. If you set a specific number of logins for each user, the hacker can not try more than a few passwords in a given period of time. One common way to restrict login is to temporarily block access to an IP address that has not been in 5 times. (If your website is WordPress, you can easily apply these restrictions with security plugins like Wordfence.)
4- Using CAPTCHA codes
Using captcha code is the best way to deal with robots and automated malware that challenges their identity before logging in. Because captcha codes are for humans, malicious robots cannot easily bypass them. And system blocks brute force attacks at this point.
5- Using Two Factor Authentication
Two-step authentication adds another layer of security to the login section. In fact, after entering the username and password, users must also enter the code sent to the email or phone number or one-time codes generated in authentication tools (such as Google authenticator) to log in. In other words, hackers who have access to your personal information in any way cannot enter your account without going through the two-step authentication step.