Brute forcing user credentials is one of the easiest ways for hackers to get access to protected resources. The fewer password and access protection measures an organization has in place, the easier it is to steal or guess credentials. During the pandemic and the switch to remote work, the security posture of many organizations weakened. As a result, the amount of brute force attacks spiked from 13% in 2019 to 31.6% in 2020 according to a Kaspersky report [PDF]. And that’s why now is the perfect time to review and enhance your cybersecurity posture.
In this article, we’ll discuss what is a brute force attack, take a look at the key dangers of brute forcing, some examples of such attacks. Also, we examine how can you prevent a brute force attack with Ekran System’s robust password and access management functionality.
What are brute force attacks and why are they so dangerous?
Brute forcing is a type of cyber attack that relies on the trial-and-error method: a malicious actor submits loads of passwords until they guess the correct character combination and gain access to a trusted user’s account. Such attacks are incredibly widespread for two reasons:
- It’s easy to execute them using free tools, automation scripts, and password databases
- Lots of users still rely on weak passwords that take seconds to guess
Experienced hackers can guess passwords in several ways. For example, they can download a database of common passwords and try all of them on a single account. Sometimes, brute forcing is reversed, which means the hacker knows the user’s password and guesses the correct account name.
Brute forcing a poorly protected user account is often the first step of a more intricate hacking scheme. A recent brute force attack example is the T-Mobile data breach that happened in August 2021, where hackers stole and sold the personal data of over 54 million customers. After an investigation, T-Mobile discovered that the hacker brute forced access to their testing environment to steal the data.
Personal financial gain isn’t the only motivation behind brute forcing. Hackers can also try to steal intellectual property, spy on an organization, or even discredit it. In 2021, US and European government and military organizations experienced a series of password spraying attacks, which are also types of brute force attacks. Attackers tried to escalate their privileges and sniff out sensitive data in protected networks.
For an organization, a brute force attack may result in the following consequences:
Most brute force attacks share common indicators that can help you detect the beginning of an attack and stop it before real harm is done. Let’s see which activities give hackers away.
6 indicators of a brute force attack
You can detect hints of an upcoming attack in increased network activity, access violations, and unusual user behavior. Brute force indicators differ slightly depending on the type of attack and toolset a hacker uses. The good news is you can detect all of them with the same set of cybersecurity tools and practices.
But before we discuss these tools and practices, let’s first take a look at the activities that can be indicators of a brute force attack:
Now, let’s see how to investigate a brute force attack and protect your organization from them.
8 ways to detect and prevent a brute force attack
Tools and practices for brute force attack prevention include:
- Secure password management
- Access management
- User activity monitoring
- Network security
Let’s take a look at how to prevent a brute force attack with eight key techniques and which of them you can implement with Ekran System:
1. Manage user credentials
Weak user passwords are what make brute force attacks successful. No matter how many cybersecurity awareness training sessions you conduct for your employees and how many policies you enforce, there will always be an employee that uses a “1234” password. That’s why it’s better to take the matter into your own hands and deploy a dedicated password management tool.
Such tools securely manage without involving a user. For example, Ekran System’s password management functionality can create, rotate, and dispose of user credentials and secrets using a protected vault. Credentials stored in the vault are encrypted. This way, the deployed password management tool prevents credential leaks and significantly reduces the chance of successful password guessing.
2. Limit the number of login attempts
Simple and hybrid brute force attacks rely on multiple login attempts to guess user passwords. This is highly unusual behavior for legitimate users: even if they forget their password, they don’t try submitting any word they know. Monitoring and limiting the number of login attempts reduces a hacker’s chances of guessing credentials.
If an account exceeds the limit for login attempts, you can start a cooldown timer, force the user to authenticate with multi-factor authentication, or contact an administrator.
Another option is to configure an alert on numerous failed logins with Ekran System. When triggered, this alert will be sent to a security officer. They can then contact the user to find out what’s going on and use multi-factor authentication to confirm the user’s identity.
Real-Time User Activity Alerts and Incident Response
3. Enforce two-factor authentication
Adding one more authentication factor also makes it much harder for a hacker to brute force an account. Two-factor authentication (2FA) tools require unique authentication factors from a user that are hard to obtain or falsify. These factors can be an authentication token sent to the user’s phone or a biometric scan, among other options. With 2FA in place, a hacker won’t be able to log in to a user’s account even if they enter the correct login and password.
Ekran System’s two-factor authentication tool checks a user’s identity with the password and a code phrase sent to a verified mobile device. You can enforce two-factor authentication for regular, privileged, and remote employees, as well as for third parties.
4. Configure user access rights
Granular management of user access rights doesn’t stop brute forcing, but it reduces the attack surface in case a hacker gains access to a user’s account. Proper access management limits a user’s access to only those resources the user needs for work. So in case a hacker obtains credentials of a regular user account, they won’t be able to do a lot of damage.
Implementing a zero trust approach or just-in-time privileged access management allows you to establish a system that limits user access without employee workflow interruptions. You can implement these with the following Ekran System features:
- Simple access configuration process via Ekran System’s web management tool
- Role-based access management for creating roles that cover many users in similar positions
- One-time passwords to grant temporary access
Why Do You Need a Just-in-Time PAM Approach?
5. Approve access to the most critical resources manually
Since hackers try to log in to a user account many times from the same IP address, it can be a good idea to create a whitelist of user IP addresses and deny access to all unknown connections. Whitelisting IP addresses won’t work well for remote users, however, as they commonly connect to the organization’s network from personal devices and in different locations.
Instead, you can enforce manual login approval to provide access to sensitive resources. Each time a remote or in-house employee needs access, they send a request to the security officer and specify the reason for access. With Ekran System, the security officer can review the user session or enforce 2FA to make sure it’s not a hacker trying to gain access.
6. Monitor all activity within your network
Monitoring both user and entity activity within your network helps to detect credential stuffing, lateral movement, repetitive access requests, and other indicators of a brute force attack. You can establish monitoring in two ways: by tracking events in the network or keeping an eye on user activity.
Ekran System provides you with rich activity monitoring options. You can detect brute force attacks using the following features:
- User activity monitoring. On-screen recording and keystroke tracking help to monitor and record each user session. You can review any session online or in records to detect lateral movement, abnormal user activity, or evidence of data theft by a hacker or insider.
- User and entity behavior analytics (UEBA). This AI-based module detects unusual user behavior that doesn’t break security rules but can indicate an attack. For example, it can alert your security team about logins at unusual times or about attempts to connect to the organization’s network out of working hours. A UEBA’s work is based on an artificial intelligence algorithm that collects data on normal user behavior, creates a baseline, and detects suspicious activities.
- Alerts on security violations. You can configure security rules and receive alerts on indicators of a brute force attack: numerous login attempts, lateral movement, unusual user behavior. This way, you’ll find out about security incidents in real time without the need to monitor your users manually.
7. Educate your employees
Employees can be the strongest or the weakest link in your cybersecurity defense. It’s in your best interest to educate employees on cybersecurity. Regular security awareness training sessions can help employees to:
- Understand the importance of strong passwords
- Learn how to use password managers
- Remember the basic principles of cyber hygiene
- Recognize common types of hacking attempts: phishing, social engineering, downloading malware, etc.
Ekran System helps to raise awareness in two ways:
- By providing you with reports on security violations and events in your network. You can analyze these reports to figure out what cybersecurity knowledge your employees lack.
- By showing warning messages to employees when they are breaking security rules. A lot of times this happens simply out of negligence. A timely warning helps an employee stop what they’re doing and contact a security officer for a consultation.
People-centric Security for Remote Workers
8. Consider passwordless authentication
Brute force attacks are built on the idea of guessing a user’s password. And with no password, there’s simply nothing to guess, and you don’t have to figure out how to stop brute force attacks. This insight has led to the idea of passwordless authentication, and today many companies are trying to implement it with modern security technologies.
Passwordless authentication is an authentication method that substitutes passwords with some other authentication token. It can be implemented in form of:
- MFA that requests a biometric scan and ownership confirmation
- Using a picture, pattern, or hardware token instead of a password
- Voice, face, or gesture recognition
- A combination of a user’s geolocation and network address
- And other methods
Implementing passwordless authentication technology can prevent brute force attacks and reduce friction between users and administrators. But it will probably require you to significantly rework your security system and will require trial and error before you figure out the best way to use it. Since the passwordless authentication method is still developing, there are no best practices for its implementation.
Data Breach Response and Investigation: 7 Steps for Efficient Remediation
Conclusion
Hackers can leverage simple passwords and a weak cybersecurity posture to gain access to protected resources. It’s an old yet simple and effective hacking method.
Lately, the number of brute force attacks has increased because of switching to remote work, blurring of the traditional security perimeter, and the weakening of traditional security controls. How long does a brute force attack take? In many cases, minutes or even seconds, and security officers can’t detect and stop it in time without dedicated tools. That’s why many organizations are enhancing their protection with PAM and password management software. In this article, we discussed how to stop a brute force attack on a server or a user endpoint with eight practices.
Ekran System combines robust password management, access management, and threat monitoring capabilities to ensure optimal protection and a simple deployment process. Download a demo of Ekran System or request a trial to see how you can benefit from these features!