Brute-force attacks explained, and why they are on the rise

The surge in remote work has rekindled interest in brute-force attacks, but a few simple steps can make your organization less of a target for them.


Brute-force attack definition

In a brute-force attack, an attacker repeatedly and systematically submits different usernames and passwords in an attempt to eventually guess credentials correctly. This simple but resource-intensive trial-and-error approach is usually carried out with automated tools, scripts or bots that cycle through every possible combination until access is granted.

“This is an old attack method, but it is still effective and popular with hackers,” says David Emm, principal security researcher at Kaspersky. “Brute-force attacks are often used to target devices on remote networks to obtain personal information such as passwords, passphrases, usernames and personal identification numbers (PINs).”

However, the longer the password and the stronger the encryption on the saved credentials, the greater the amount of time and computing power needed, so it is possible for organizations to decrease the efficiency of the attack to the point where it is almost impossible for attackers to execute successfully.
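The relationship between password length, credential protection and search time can be estimated for your own settings. The Python sketch below is an added example, not part of the original article; it assumes saved credentials are protected with PBKDF2-HMAC-SHA256, and all function names and sample values are illustrative.

```python
import hashlib
import time

# Assumption: credentials are stored as PBKDF2-HMAC-SHA256 hashes; the salt and
# candidate strings below are constructed sample values, not real data.
SALT = b"constructed-salt"

def keyspace(alphabet_size: int, max_length: int) -> int:
    """Count every candidate password of length 1..max_length."""
    return sum(alphabet_size ** n for n in range(1, max_length + 1))

def measure_guess_rate(iterations: int, samples: int = 5) -> float:
    """Hashes per second this machine manages at a given PBKDF2 work factor."""
    start = time.perf_counter()
    for i in range(samples):
        hashlib.pbkdf2_hmac("sha256", f"guess{i}".encode(), SALT, iterations)
    return samples / (time.perf_counter() - start)

def worst_case_seconds(alphabet_size: int, max_length: int, rate: float) -> float:
    """Time to try the whole keyspace at `rate` guesses per second."""
    return keyspace(alphabet_size, max_length) / rate

def humanize(seconds: float) -> str:
    for unit, size in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:,.1f} seconds"

def report(alphabet_size: int = 62, lengths=(6, 8, 10, 12),
           work_factors=(1_000, 100_000)) -> list:
    """Rows of (iterations, length, estimate) for a policy review."""
    rows = []
    for iterations in work_factors:
        rate = measure_guess_rate(iterations)
        for length in lengths:
            secs = worst_case_seconds(alphabet_size, length, rate)
            rows.append((iterations, length, humanize(secs)))
    return rows

if __name__ == "__main__":
    # Single-core CPU timing; dedicated cracking hardware is far faster, so
    # treat the output as a relative comparison, not an absolute guarantee.
    for iterations, length, estimate in report():
        print(f"PBKDF2 x{iterations:>7,}  max length {length:>2}: {estimate}")
```

Each extra character multiplies the search space by the alphabet size, while raising the iteration count divides the guess rate, which is why the two settings compound.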

In 2017 both the UK and Scottish Parliaments fell victim to brute-force attacks, while a similar but unsuccessful attack occurred on the Northern Irish Parliament a year later. Airline Cathay Pacific suffered a brute-force attack a year later, for which it was fined £500,000 [~$630,000] by the UK’s data regulator for lacking sufficient preventive measures. Ad-blocking service AdGuard also forced a reset of all user passwords after suffering a brute-force attack.
