When we talk about brute-force attacks in cybersecurity, we are addressing a type of attack built on the bare basics. In cyberattacks, staying true to the basics continues to work, and brute-force attacks are proof of that.
Indeed, this may be one of the simplest methods available to break into accounts and systems online, and it consists of repetitive yet simple actions. With brute-force attacks, cybercriminals try a huge number of username and password combinations until they find the right one. It is all about trial and error.
While it may sound (very) simple, the method has evolved over time, keeping pace with the latest security countermeasures and newer technologies.
At My IT Guy, we want you to be knowledgeable about the threats present online. That is why our team is dedicating a few lines to explaining what brute-force attacks are, how malicious actors use them, and how to avoid becoming a victim.
What Are Brute-Force Attacks?
As mentioned before, brute-force attacks consist of a trial-and-error strategy: testing a huge number of username and password combinations until the cybercriminals (or their automated bots) find the right one. Truth be told, this kind of attack represents one of the least intellectually-driven strategies in cybersecurity. Nevertheless, it continues to be a significant problem for individuals and organizations.
Brute-force attacks are used to recover passwords and, in cryptography, to find encryption keys: the 56-bit DES (Data Encryption Standard) was famously broken by exhaustive key search. For obvious reasons, these attacks rely on automated tools or bots that do most of the hard work, generating and testing enormous numbers of guesses per second (thousands against a live login page, far more against a stolen password database). For a person to carry out a successful brute-force attack by hand would be extremely time-consuming (yet not impossible, we dare to say).
While it is mostly guessing, there are different types of brute-force attacks that leverage different resources in order to increase effectiveness. Reverse brute-force attacks work the other way around: the attacker starts from one known or very common password and tries it against many usernames. Then we have credential-recycling attacks, also called credential stuffing, which replay username and password pairs leaked in previous breaches, betting that people reuse passwords across sites.
One type that is popular because of its effectiveness is the dictionary attack. Instead of trying every possible combination of characters, it draws its guesses from a wordlist: dictionary words, the most common passwords, passwords from earlier leaks, and simple variations of them. Because most real passwords are on such a list, this strategy dramatically reduces the number of attempts needed before the right combination is found.
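The variants described above, simulated against a small in-memory credential store. This is an added example, not code from the original post: the accounts, passwords, wordlist and "leaked" credentials are all constructed for the demo, and every call to verify() stands for one login attempt against the target.

```python
"""Simulating brute-force variants against a constructed, in-memory credential store.

Added example, not code from the original post. The accounts, passwords,
wordlist and 'leaked' credentials are all made up for the demo; every call to
verify() stands for one login attempt against the target."""
import hashlib
import hmac
import itertools
import os
import string


def hash_password(password: str, salt: bytes) -> bytes:
    # Demo store uses salted SHA-256. A real system should use a slow KDF
    # (Argon2, bcrypt, scrypt) so that each offline guess costs far more.
    return hashlib.sha256(salt + password.encode()).digest()


# Constructed user table: username -> (salt, hash). Not real accounts.
USERS = {}
for _name, _pw in [("alice", "Password1"), ("bob", "Summer2023!"),
                   ("carol", "xq7"), ("dave", "Password1")]:
    _salt = os.urandom(16)
    USERS[_name] = (_salt, hash_password(_pw, _salt))

# Constructed wordlist, in the order an attacker would try it (most common first).
WORDLIST = ["123456", "password", "qwerty", "letmein", "Password1", "Summer2023!"]


def verify(username: str, password: str) -> bool:
    """The target's login check: one call equals one attempt."""
    salt, stored = USERS[username]
    return hmac.compare_digest(hash_password(password, salt), stored)


def keyspace(charset_size: int, max_len: int) -> int:
    """Number of candidates an exhaustive search covers up to max_len characters."""
    return sum(charset_size ** n for n in range(1, max_len + 1))


def exhaustive_attack(username, charset=string.ascii_lowercase + string.digits, max_len=3):
    """Classic brute force: every combination of the alphabet, shortest first."""
    attempts = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=length):
            attempts += 1
            guess = "".join(combo)
            if verify(username, guess):
                return guess, attempts
    return None, attempts


def dictionary_attack(username, wordlist=WORDLIST):
    """Dictionary attack: only try likely passwords taken from a wordlist."""
    for attempts, guess in enumerate(wordlist, start=1):
        if verify(username, guess):
            return guess, attempts
    return None, len(wordlist)


def reverse_brute_force(password, usernames=USERS):
    """Reverse brute force: one known password tried against many accounts."""
    return [u for u in usernames if verify(u, password)]


def credential_stuffing(leaked_pairs):
    """Credential stuffing: replay username/password pairs from an earlier breach."""
    return [(u, p) for u, p in leaked_pairs if u in USERS and verify(u, p)]


if __name__ == "__main__":
    print("exhaustive vs carol:", exhaustive_attack("carol"), "of", keyspace(36, 3))
    print("dictionary vs alice:", dictionary_attack("alice"))
    print("reverse brute force 'Password1':", reverse_brute_force("Password1"))
    print("stuffing:", credential_stuffing([("bob", "Summer2023!"), ("alice", "hunter2")]))
```

The contrast to notice is in the attempt counts: the three-character password "xq7" costs the exhaustive search over thirty thousand guesses, while "Password1", nine characters long but on the wordlist, falls on the fifth attempt of the dictionary run.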
How to Protect Yourself from Brute-Force Attacks?
There are basic protection measures we can implement in order to reduce the possibility of suffering a successful brute-force attack. As we have mentioned many times on this blog, everything starts with our passwords. Bad password habits lead to serious security issues that may jeopardize your personal and business data.
The first thing to do is to use strong passwords for all our online accounts. Length matters most: every extra character multiplies the number of guesses an attacker has to make. When possible, also include numbers, letters and symbols, and mix lower- and uppercase letters, as many websites recommend when creating new accounts. Avoid dictionary words with predictable substitutions, though, since those are exactly what a dictionary attack tries first.
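A quick way to see why length beats symbol-juggling is to count the guesses an exhaustive search needs. The calculator below is an added example, not the original post's code; the character-class sizes and the two guess rates are assumptions chosen for illustration.

```python
"""Estimating the number of guesses a password forces on an attacker.

Added example, not the original post's code. The character-class sizes and
the two guess rates are assumptions chosen for illustration."""
import math
import string


def charset_size(password: str) -> int:
    """Size of the alphabet an attacker must assume, from the classes present."""
    classes = [
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (string.punctuation, len(string.punctuation)),  # 32 printable symbols
    ]
    return sum(size for chars, size in classes if any(c in chars for c in password))


def guess_space(password: str) -> int:
    """Candidates an exhaustive search of that alphabet and length has to cover."""
    return charset_size(password) ** len(password)


def entropy_bits(password: str) -> float:
    """log2 of the guess space: each extra bit doubles the attacker's work."""
    return math.log2(guess_space(password))


# Assumed rates: a rate-limited online login page vs. an offline GPU run
# against a fast hash taken from a leaked database.
ONLINE_RATE = 100
OFFLINE_RATE = 10 ** 10


def expected_seconds(password: str, guesses_per_second: int) -> float:
    """On average the password is found halfway through the space."""
    return guess_space(password) / 2 / guesses_per_second


def compare(passwords):
    """Bits of entropy and expected offline crack time (seconds) per password."""
    return {p: (round(entropy_bits(p), 1), expected_seconds(p, OFFLINE_RATE))
            for p in passwords}


if __name__ == "__main__":
    # Caveat: "P@ssw0rd" scores about 52 bits here, but it is on every
    # wordlist and falls to a dictionary attack in a handful of attempts.
    for pw, (bits, secs) in compare(["P@ssw0rd", "Tr0ub4dor&3",
                                     "correcthorsebatterystaple"]).items():
        print(f"{pw:28s} {bits:6.1f} bits  ~{secs / 86400:.1e} days offline")
```

The formula only measures exhaustive search. A 25-letter lowercase passphrase comes out near 117 bits, far above an 8-character mix of all four classes at about 52 bits, but any password that appears in a wordlist is found in seconds regardless of what the formula says, which is why uniqueness and randomness matter as much as length.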
Part of having healthy password habits is to avoid using the same password for several accounts. Even if reuse is the only way you can remember your passwords, it represents a very serious liability: one leaked password becomes a credential-stuffing attack against every other account that shares it. Write your passwords down in a (physically) safe place or, better, use a password manager such as LastPass or 1Password.
To take security to the next level, at My IT Guy we recommend implementing CAPTCHAs on your systems' login pages, for example after a few failed attempts, in order to stop automated bots from running their scripts. CAPTCHAs work by requiring a manual action from the user before access is granted, like ticking a box or answering a question based on images. Another very effective way to improve security is multi-factor authentication, which is becoming the standard in corporate environments where security is a must: even a correctly guessed password is useless to the attacker without the second factor.
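The two measures above combined in one login gate: a failed-attempt counter that demands a CAPTCHA before any further guess is evaluated, and a TOTP (RFC 6238) second factor. This is an added example, not code from the original post or any product. The account, its TOTP secret (the RFC 6238 reference key) and the failure threshold are constructed for the demo, and the CAPTCHA itself is represented by a boolean the caller passes in once the user has solved it.

```python
"""A login gate that demands a CAPTCHA after repeated failures and checks a
TOTP (RFC 6238) second factor.

Added example, not code from the original post. The account, its TOTP secret
(the RFC 6238 reference key) and the failure threshold are constructed for
the demo; the CAPTCHA is represented by a boolean the caller passes in once
the user has solved it."""
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the big-endian counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP (RFC 6238): HOTP with the counter derived from the current time step."""
    return hotp(secret, unix_time // step, digits)


def hash_password(password: str, salt: bytes) -> bytes:
    # Demo only; a real deployment uses a slow KDF such as Argon2 or bcrypt.
    return hashlib.sha256(salt + password.encode()).digest()


SALT = b"demo-salt"                  # constructed; use a random salt per user
SECRET = b"12345678901234567890"     # RFC 6238 reference secret (SHA-1 variant)
USERS = {"alice": {"hash": hash_password("correct horse battery", SALT), "totp": SECRET}}
DUMMY_HASH = hash_password("", SALT)  # compared for unknown users so timing stays uniform


class LoginGate:
    def __init__(self, users, captcha_after=3):
        self.users = users
        self.captcha_after = captcha_after
        self.failures = {}           # username -> consecutive failed attempts

    def login(self, username, password, otp, now, captcha_solved=False):
        fails = self.failures.get(username, 0)
        # After too many failures, refuse to evaluate the guess at all until a
        # CAPTCHA is solved: the bot learns nothing from further requests.
        if fails >= self.captcha_after and not captcha_solved:
            return "captcha_required"
        user = self.users.get(username)
        stored = user["hash"] if user else DUMMY_HASH
        if not hmac.compare_digest(hash_password(password, SALT), stored) or user is None:
            self.failures[username] = fails + 1
            return "bad_credentials"
        # Second factor: accept the current 30 s step and one step either side.
        valid = {totp(user["totp"], now + d) for d in (-30, 0, 30)}
        if otp not in valid:
            # A 6-digit code has only 10^6 values, so OTP failures must count
            # toward the same limit or the second factor is itself brute-forceable.
            self.failures[username] = fails + 1
            return "bad_otp"
        self.failures.pop(username, None)
        return "ok"


if __name__ == "__main__":
    gate = LoginGate(USERS)
    for guess in ("123456", "password", "letmein"):
        print(gate.login("alice", guess, "000000", now=59))
    print(gate.login("alice", "correct horse battery", totp(SECRET, 59), now=59))
    print(gate.login("alice", "correct horse battery", totp(SECRET, 59), now=59,
                     captcha_solved=True))
```

Note that the counter is checked before the password: once the threshold is reached the gate stops answering "right" or "wrong" at all, which is what actually starves an automated guesser. Counting wrong one-time codes toward the same limit is the detail most often forgotten; without it, an attacker who already has the password can cycle through the million possible codes.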