We have all seen the headlines about this company or that company getting hacked because of a Brute Force attack. You might even be able to give a pretty good definition of what a Brute Force attack is.
What is a Brute Force Attack?
“A Brute Force attack is a form of cybersecurity attack where the attacker uses a trial and error approach to decode passwords. Most likely they are using a program or a bot to generate likely passwords or even random character sets.”
If they find the right combination of username and password, they can get into your systems, and your company data and/or your customer data is exposed. There is also a specific type of Brute Force attack, known as a Dictionary Attack, where instead of using just random character sets, the attackers use lists of common words or phrases to guess passwords. Yet another type of Brute Force attack, known as Credential Stuffing, uses actual usernames and passwords that have been obtained elsewhere, for example from another system that was hacked. So you know the problem is out there, but how can you detect it and, even more importantly, how can you prevent it?
How to Detect a Brute Force Attack
The best plan for detecting a brute force attack is to have a monitoring system like Sumo Logic that can monitor login attempts and alert you when certain thresholds are exceeded. You could:
- Monitor for unusually high numbers of login attempts coming from a single IP address. This could indicate a bot running from the system with that IP address that is rapidly trying different username and password combinations.
- Set up an alert for when there is a sharp increase in login attempts over a particular period of time. This unusual increase could also suggest a program automatically trying different sets of credentials to get in.
- Detect possible compromised credentials by correlating a high number of failed login attempts to particular accounts. Users often reuse the same credentials for multiple systems and attackers reuse credentials they might have stolen from one system to get into another.
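The three checks in the list above, written out as an added Python example (not part of the original article, and not Sumo Logic or OneLogin code). The log format, the thresholds and the addresses are constructed assumptions; tune the thresholds to your own traffic.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

def sample_log():
    """Constructed sample lines: 'ISO-time source-ip username OK|FAIL'."""
    t0 = datetime(2024, 5, 1, 10, 0, 0)
    at = lambda **kw: (t0 + timedelta(**kw)).isoformat()
    # Normal traffic: two successful logins per minute for five minutes.
    lines = [f"{at(seconds=30 * i)} 198.51.100.{10 + i % 4} user{i % 4} OK" for i in range(10)]
    # One IP hammering one account: 30 failures in 30 seconds.
    lines += [f"{at(minutes=5, seconds=i)} 203.0.113.7 carol FAIL" for i in range(30)]
    # Six failures against one account, each from a different IP.
    lines += [f"{at(minutes=6, seconds=5 * i)} 192.0.2.{i + 1} dave FAIL" for i in range(6)]
    return lines

def parse(line):
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result == "OK"

def noisy_ips(events, max_attempts=20):
    """Source IPs that made more than max_attempts login attempts."""
    counts = Counter(ip for _, ip, _, _ in events)
    return {ip: n for ip, n in counts.items() if n > max_attempts}

def spike_windows(events, window=timedelta(minutes=1), factor=5, floor=10):
    """Windows with >= floor attempts and >= factor x the mean of earlier quiet windows."""
    start = min(ts for ts, *_ in events)
    buckets = Counter((ts - start) // window for ts, *_ in events)
    spikes, quiet = [], []
    for i in range(max(buckets) + 1):
        n = buckets.get(i, 0)
        baseline = sum(quiet) / len(quiet) if quiet else None
        if baseline is not None and n >= floor and n >= factor * max(baseline, 1):
            spikes.append((start + i * window, n))
        else:
            quiet.append(n)  # spikes are kept out of the baseline
    return spikes

def targeted_accounts(events, max_failures=5):
    """Accounts with more than max_failures failed logins -> number of distinct source IPs."""
    sources = defaultdict(list)
    for _, ip, user, ok in events:
        if not ok:
            sources[user].append(ip)
    return {u: len(set(ips)) for u, ips in sources.items() if len(ips) > max_failures}

if __name__ == "__main__":
    events = [parse(line) for line in sample_log()]
    print(noisy_ips(events), spike_windows(events), targeted_accounts(events))
```

On the sample data, the per-IP check only sees the single noisy address, while the per-account check also surfaces `dave`, whose failures come from six different sources and would stay under any per-IP threshold.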
Unfortunately, even if you set up a monitoring system and get a notification about these different types of unusual behaviors you might not be able to act fast enough to prevent the attackers from getting in. So you need to make sure you are protected against these types of attacks in the first place.
4 Ways to Prevent Brute Force Attacks
There are a few simple configuration changes you can put into place to prevent Brute Force attacks.
- Enforce complex passwords and password refreshes
- Lock accounts
- Implement Multi-Factor Authentication (MFA)
- Check for compromised credentials
Enforce Complex Passwords and Password Refreshes
One of the simplest ways to at least slow the attackers down is to enforce complex passwords. Through password policies like those that can be enforced with OneLogin’s User Policies, you can require that all passwords, at a minimum, combine uppercase letters, lowercase letters and numbers and be 12 characters long. The added complexity and length increase the number of possible character combinations a bot will have to go through in a simple Brute Force attack.
You can also require that users refresh or create a new password periodically. Since simple Brute Force attacks can take time to run through all the possibilities, a changed password would mean they are back at square one and all previous attempts were useless.
Lock Accounts
If your authentication system has the capability, make sure to set a maximum number of login attempts and ensure that the account is locked once that number is exceeded. This will ensure that the attacker can’t keep trying to get into that one account indefinitely.
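A sketch of the lockout rule just described, as an added Python example (not from the original article and not OneLogin's implementation). The class name `LoginGuard`, the timed unlock and the injectable clock are assumptions made for illustration.

```python
import time

class LoginGuard:
    """Lock an account after max_attempts consecutive failed logins."""

    def __init__(self, max_attempts=5, lock_seconds=900, clock=time.monotonic):
        self.max_attempts = max_attempts
        self.lock_seconds = lock_seconds  # assumption: locks expire on their own
        self.clock = clock
        self.failures = {}      # username -> consecutive failed attempts
        self.locked_until = {}  # username -> clock value at which the lock ends

    def is_locked(self, user):
        until = self.locked_until.get(user)
        if until is not None and self.clock() >= until:
            # Lock expired: clear it and start counting from zero again.
            del self.locked_until[user]
            self.failures.pop(user, None)
            return False
        return until is not None

    def attempt(self, user, password_ok):
        """Return 'locked', 'ok' or 'failed' for one login attempt."""
        if self.is_locked(user):
            return "locked"  # refused even when the password is correct
        if password_ok:
            self.failures.pop(user, None)  # a success resets the counter
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= self.max_attempts:
            self.locked_until[user] = self.clock() + self.lock_seconds
        return "failed"

def demo():
    """Three failures lock the account; a correct password only works after expiry."""
    now = [0.0]  # fake clock so the example runs instantly
    guard = LoginGuard(max_attempts=3, lock_seconds=60, clock=lambda: now[0])
    results = [guard.attempt("alice", False) for _ in range(3)]
    results.append(guard.attempt("alice", True))
    now[0] = 61.0
    results.append(guard.attempt("alice", True))
    return results

if __name__ == "__main__":
    print(demo())
```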
Implement Multi-Factor Authentication (MFA)
The attackers might be able to figure out the username and password combination through trial and error, but it is much more difficult for them to provide an additional authentication factor such as a hardware or software token. MFA requires a user to provide something in addition to just their username and password. They might have to provide a fingerprint or a One-time Password (OTP) or have a particular piece of hardware on hand like their phone or a USB token in order to confirm the additional authentication factor. It is much more difficult for the attackers to spoof these additional forms of authentication.
Features like OneLogin’s SmartFactor Authentication™ take it one step further. SmartFactor provides adaptive authentication and takes into account the context in which the login attempt is made: the geolocation, the IP address, the device, etc. SmartFactor uses an AI engine, Vigilance AI™, to form a profile that reflects the typical behavior of a user. Thus when a login request comes from a location that the user has never attempted to log in from before, that login attempt can simply be blocked.
Check for Compromised Credentials
The hackers have large databases of known usernames and passwords built over time from hacking various systems. Users tend to reuse the same combinations of usernames and passwords for all the applications they need to access because it is difficult to remember a bunch of different credentials. The hackers know this and take advantage of this by using the credentials from those databases in their brute force attacks. By checking a user’s credentials against known lists of compromised credentials and forcing them to choose a new password when there is a match, you can prevent your users from using these same sets of credentials that the hackers are going to try. This can slow down their ability to get in because they now have to rely on their ability to try a bunch of randomly generated passwords to get in.
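How the complexity policy from earlier in the article and the compromised-credential check fit together when a user sets a password, as an added Python example (not from the original article and not OneLogin's code). The function names and the three-entry list are constructed assumptions standing in for a real compromised-password feed.

```python
import hashlib

def digest(password):
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

# Constructed stand-in for a compromised-password list, stored as digests
# so the check never needs the leaked passwords in clear text.
COMPROMISED = {digest(p) for p in ("Password12345", "Qwerty123456", "Summer2024Summer")}

def check_new_password(password, compromised=COMPROMISED, min_length=12):
    """Return the reasons to reject a new password; an empty list means accept."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c.isdigit() for c in password):
        problems.append("no number")
    # Checked independently of the rules above: a password can satisfy
    # every complexity rule and still be one attackers already hold.
    if digest(password) in compromised:
        problems.append("on the compromised list")
    return problems

if __name__ == "__main__":
    for candidate in ("short1A", "alllowercaseletters", "Password12345", "Tr4verse-Lantern-Orbit"):
        print(candidate, "->", check_new_password(candidate) or "accepted")
```

`Password12345` meets the length and character rules yet is rejected, which is the case the compromised-credential check exists for.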
OneLogin’s SmartFactor Authentication feature also includes the ability for an administrator to enable compromised credential checks. With this feature enabled, OneLogin will check to make sure users aren’t using passwords from the lists we are constantly updating when users are setting their OneLogin password.
The hackers are getting more and more efficient at getting into systems. When they get in, companies can lose money and lose the trust of their customers. We all must remain ever vigilant and put the protections in place to prevent attacks such as Brute Force attacks from occurring.