A brute-force attack uses the trial-and-error method to attempt all possible usernames and passwords to obtain correct combinations. It is usually carried out by scripts or bots that target a platform’s login page, with Content Management Systems like WordPress being favoured targets. Simple and popular, brute force is used by cybercriminals to crack passwords and encryption keys.
Types of Brute-force Attacks
Because the technique is so popular, brute-force attacks come in several forms.
- Simple brute-force attacks: Hackers attempt every possible username-password combination.
- Dictionary attacks: Starting from valid usernames, hackers run a list of possible passwords against each username.
- Reverse brute-force attacks: Hackers start with known or common passwords. They then attempt with many usernames, in hopes of guessing correctly.
- Hybrid brute-force attacks: External logic is integrated into the attack technique. Such attacks typically use both dictionary and simple brute-force attacks.
- Credential stuffing: This attack uses valid login credentials to attempt to log in to other services. The credentials are obtained from data breaches and successful password cracking.
Consequences of Brute-force Attacks
- Theft of personal data, login credentials and money
- Infecting websites and machines with malware
- Collecting credentials to sell to third parties
- Redirecting users to websites with malicious content
How to Safeguard Against Brute-force Attacks?
- Limit the number of login attempts within a certain timeframe: This would hinder the hackers’ progress. They may be deterred from continuing the attack.
- Use longer, more complex passwords: This increases the difficulty and time required to crack the passwords.
- Implement multi-factor authentication: Two or more authentication factors are used as part of the login process. This can include using a one-time password (OTP) and a fingerprint.
- Deploy a web application and API protection (WAAP) solution: Such solutions monitor all incoming web traffic and block suspicious IPs and requests.
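The first safeguard above, limiting login attempts within a timeframe, can be sketched as follows. This is an added example, not code from Polaris or the original article. It counts failed logins per username (which slows simple and dictionary attacks) and per source IP (which slows reverse brute-force and credential stuffing). The class name, thresholds, window length and sample traffic are all assumptions made for illustration.

```python
from collections import deque

class LoginThrottle:
    """Sliding-window limit on failed logins, per username and per source IP."""

    def __init__(self, max_per_user=5, max_per_ip=20, window=300.0):
        # Thresholds and window are illustrative values, not taken from the article.
        self.max_per_user, self.max_per_ip, self.window = max_per_user, max_per_ip, window
        self._by_user, self._by_ip = {}, {}

    def _recent(self, bucket, key, now):
        # Drop failures older than the window, then count what is left.
        q = bucket.get(key)
        if q is None:
            return 0
        while q and now - q[0] >= self.window:
            q.popleft()
        if not q:
            del bucket[key]               # keep memory bounded for idle keys
        return len(q)

    def allowed(self, username, ip, now):
        user = username.strip().lower()   # "Admin " and "admin" share one counter
        return (self._recent(self._by_user, user, now) < self.max_per_user
                and self._recent(self._by_ip, ip, now) < self.max_per_ip)

    def record_failure(self, username, ip, now):
        self._by_user.setdefault(username.strip().lower(), deque()).append(now)
        self._by_ip.setdefault(ip, deque()).append(now)

    def record_success(self, username):
        # Reset only the user counter; the IP counter stays, so a client cannot
        # clear it by logging in to an account it already controls.
        self._by_user.pop(username.strip().lower(), None)

def replay(throttle, attempts):
    """Replay (time, username, ip, password_ok) tuples and return one outcome each."""
    outcomes = []
    for now, user, ip, ok in attempts:
        if not throttle.allowed(user, ip, now):
            outcomes.append("blocked")    # rejected before the password is checked
        elif ok:
            throttle.record_success(user)
            outcomes.append("ok")
        else:
            throttle.record_failure(user, ip, now)
            outcomes.append("failed")
    return outcomes

# Constructed sample traffic (documentation IP ranges, invented usernames).
dictionary_run = [(t, "admin", "203.0.113.5", False) for t in range(7)]
reverse_run = [(t, f"user{t}", "198.51.100.7", False) for t in range(25)]
```

Replaying dictionary_run blocks the sixth and seventh guesses against "admin", and replaying reverse_run blocks the single IP after its twentieth failure even though no individual username reaches its own limit. A per-username limit also lets an attacker lock a real user out, which is why it is normally paired with multi-factor authentication rather than used alone.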
How Polaris Safeguards Your Website
- Web Application Firewall: Acting as a shield between malicious attacks and your web assets, Polaris protects against targeted hacks.
- Leaked data: Polaris provides leaked data detection from a diverse pool of intelligence feeds.
- Bot Management: Polaris provides automated web traffic scanning, analyses bot behaviour and blocks malicious bots from attacking websites.