Brute Force Attack: What It Is and How to Mitigate It
If you can break the lock, why pick it at all? That is the idea behind a brute force attack, still one of the most common attack techniques in use. In the simplest terms: try candidate passwords (or keys) one after another until one matches. A pure brute force attack walks the whole keyspace exhaustively, usually shortest candidates first, so the number of guesses grows exponentially with password length and character set. In practice, cracking tools order candidates by likelihood instead, starting with dictionary words, passwords from earlier leaks and rule-based variations of them, because a human-chosen password is rarely uniformly random.
Taken together, brute force attacks are reported to be the second most common exploit type, at roughly 25% of all attacks. WordPress sites in particular are hit constantly, since a compromised administrator account hands the attacker a publishing platform to abuse for spam, malware distribution or further attacks.
Classifying Brute Force
Brute force attacks are classified as online or offline. In an online attack the guesses are submitted to a live authentication service, such as an email, social media or digital wallet login, so the attacker is bounded by network latency, rate limits and account lockouts. In an offline attack the attacker already holds the stored secret, typically a password hash copied from a breached database or from a UNIX shadow file, and tests guesses locally; nothing throttles that loop except the cost of the hash function itself, so the guess rate for a fast hash runs to millions or billions per second. The offline attack has a precondition that the online one does not (the hashes must be stolen first), but once that is met it is far faster and leaves no failed-login trail in the target's logs.
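The two modes above, plus the exhaustive keyspace walk described in the introduction, as an added Python example that is not part of the original article. It uses a constructed three-letter password and a fixed salt so the search finishes instantly, and a toy `LoginService` class (my own, not any real product) that locks the account after five failures: the same enumerator is stopped by the lockout when its guesses have to go through `login()`, but runs to completion against the stolen hash because nothing limits it.

```python
import hashlib
import itertools
import string

# Constructed example: a three-character lowercase password so the exhaustive
# search over a 26-character alphabet finishes in a fraction of a second.
SECRET_PASSWORD = "zip"
SALT = b"constructed-salt"  # fixed (not random) so the result is reproducible


def hash_password(password: str, salt: bytes = SALT) -> bytes:
    """Salted SHA-256 as the stored form. Deliberately a fast hash: this is
    exactly what makes offline guessing cheap."""
    return hashlib.sha256(salt + password.encode()).digest()


# What the service stores; an offline attacker obtains this through a breach.
STORED_HASH = hash_password(SECRET_PASSWORD)


class LoginService:
    """Online target (hypothetical): guesses go through login(), which locks
    the account after max_failures consecutive wrong passwords."""

    def __init__(self, stored_hash: bytes, max_failures: int = 5):
        self.stored_hash = stored_hash
        self.max_failures = max_failures
        self.failures = 0
        self.locked = False

    def login(self, password: str) -> bool:
        if self.locked:
            return False
        if hash_password(password) == self.stored_hash:
            self.failures = 0
            return True
        self.failures += 1
        if self.failures >= self.max_failures:
            self.locked = True
        return False


def candidates(charset=string.ascii_lowercase, max_len=3):
    """Exhaustive keyspace enumeration, shortest candidates first.
    26 + 26**2 + 26**3 = 18278 candidates for the defaults."""
    for length in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=length):
            yield "".join(combo)


def online_attack(service: LoginService):
    """Guess through the live service. Returns (password or None, guesses made)."""
    n = 0
    for guess in candidates():
        if service.locked:
            break  # lockout: every further guess is rejected unread
        n += 1
        if service.login(guess):
            return guess, n
    return None, n


def offline_attack(stored_hash: bytes):
    """Guess against the stolen hash. Returns (password or None, guesses made);
    the only cost per guess is one hash computation."""
    n = 0
    for guess in candidates():
        n += 1
        if hash_password(guess) == stored_hash:
            return guess, n
    return None, n


if __name__ == "__main__":
    print("online :", online_attack(LoginService(STORED_HASH)))   # (None, 5)
    print("offline:", offline_attack(STORED_HASH))                # ('zip', 17826)
```

The online attacker gives up after five guesses because the service stops answering; the offline attacker reaches "zip" on guess 17826 (26 single letters, 676 pairs, then position 17124 among the triples) with nothing in the way. Scale the charset and length up and the offline loop keeps working; only the hash cost per guess changes.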
Leveraging the power of GPU
For some time now, no serious attacker has relied on a CPU alone. Cracking tools such as hashcat run the hash function on GPUs, where thousands of cores test candidates in parallel, and several consumer cards strung together make a cheap rig that cuts a fast-hash keyspace from days to minutes. Precomputation is the other shortcut: a rainbow table is a precomputed structure that maps hashes back to plaintexts, built once per hash function and then queried for every stolen hash, and with the table on fast solid-state drives each lookup takes seconds. The caveat is that rainbow tables only work against unsalted hashes. A per-user salt means the table would have to be rebuilt for every user, which is no cheaper than guessing directly.
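The precomputation idea and the salting caveat from the paragraph above, as an added Python example that is not from the original article. It builds a plain hash-to-plaintext lookup table from a constructed wordlist (a real rainbow table compresses this into hash chains, but the precompute-once property is the same), reverses a constructed dump of unsalted SHA-256 hashes with no hashing at all, and then shows the same table missing every salted record, so the attacker is back to hashing every guess for every user.

```python
import hashlib

# Constructed wordlist standing in for the dictionary a table is built from.
WORDLIST = ["123456", "password", "letmein", "qwerty", "dragon", "hunter2"]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_table(wordlist):
    """Precompute hash -> plaintext once, before any target is known.
    A real rainbow table stores hash chains instead of every pair to save
    storage, but the attacker's advantage is the same: the hashing is paid
    for up front and reused against every dump."""
    return {sha256_hex(w.encode()): w for w in wordlist}


def reverse_unsalted(table, stored_hashes):
    """Reverse many stolen unsalted hashes with one lookup each, no hashing."""
    return {h: table.get(h) for h in stored_hashes}


def hash_salted(password: str, salt: bytes) -> str:
    """Salted storage: hash(salt || password), salt kept next to the hash."""
    return sha256_hex(salt + password.encode())


def reverse_salted(table, salted_records):
    """The same table against salted records: every lookup misses, because
    salt||password was never hashed when the table was built."""
    return {h: table.get(h) for h, _salt in salted_records}


def crack_salted_by_guessing(wordlist, salted_records):
    """With per-user salts the attacker must hash each guess per record, so
    the work is up to len(wordlist) * len(records) rather than one shared table.
    Returns (hash -> plaintext for cracked records, hashes computed)."""
    found, work = {}, 0
    for h, salt in salted_records:
        for word in wordlist:
            work += 1
            if hash_salted(word, salt) == h:
                found[h] = word
                break
    return found, work


if __name__ == "__main__":
    table = build_table(WORDLIST)
    # Constructed unsalted dump: two wordlist passwords and one that is not.
    dump = [sha256_hex(b"password"), sha256_hex(b"qwerty"), sha256_hex(b"correcthorse")]
    print(reverse_unsalted(table, dump))
    # Constructed salted dump: two users with the same password, different salts.
    salted = [(hash_salted("password", b"salt-1"), b"salt-1"),
              (hash_salted("password", b"salt-2"), b"salt-2")]
    print(reverse_salted(table, salted))          # all None
    print(crack_salted_by_guessing(WORDLIST, salted))  # cracked, but 4 hashes computed
```

Note that the two salted users share a password yet have different stored hashes; without the salt, one lookup would have exposed both at once.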
Defending against brute force
Most online services lock an account, or slow it down, after a run of failed logins; as a user, prefer services that do this, and as an operator, rate-limit and lock out by account and by source address. Lockout only helps against online guessing, though. Once the password database has been copied in a breach the attacker is no longer talking to your login page, and the only things between them and the plaintext are the strength of each password and the cost of the hash. So store passwords with a per-user salt and a deliberately slow, memory-hard function such as scrypt, bcrypt or Argon2 rather than a bare hash, so that a copied database is not a sitting duck. Choose long, unique passwords rather than ones that merely satisfy a composition rule of digits, letters, uppercase and symbols; a password manager makes that practical and removes reuse, which is what turns one site's breach into working credentials everywhere else. Change a password when there is reason to believe it is compromised rather than on a fixed schedule, since mandatory periodic rotation pushes people toward predictable variants of the old one. Where it is offered, turn on multi-factor authentication, which makes a guessed password insufficient on its own.
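Hardening the stored form so that a copied database is not a sitting duck, as an added Python example that is not from the original article. It stores each password with a fresh random salt under scrypt from the standard library, verifies with a constant-time comparison, and measures how many guesses per second an offline attacker gets against scrypt versus bare SHA-256 on the same machine. The record format `scrypt$N$r$p$salt$hash` and the parameter values are my own choices for the example, not a standard.

```python
import hashlib
import hmac
import os
import time

# scrypt parameters: N is the CPU/memory cost, r the block size, p parallelism.
# Each guess needs 128 * N * r bytes of memory (16 MiB here), which is what
# starves a GPU of the parallelism it enjoys against SHA-256. Raise N over time.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
DKLEN = 32


def scrypt_digest(password: str, salt: bytes, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P) -> bytes:
    return hashlib.scrypt(password.encode(), salt=salt, n=n, r=r, p=p, dklen=DKLEN)


def make_record(password: str) -> str:
    """Create the stored record. Format (my own convention): scrypt$N$r$p$salt$hash.
    Storing the parameters lets you raise N later without breaking old records."""
    salt = os.urandom(16)  # fresh per user: same password, different stored hash
    digest = scrypt_digest(password, salt)
    return "$".join(["scrypt", str(SCRYPT_N), str(SCRYPT_R), str(SCRYPT_P),
                     salt.hex(), digest.hex()])


def verify(password: str, record: str) -> bool:
    """Recompute with the record's own parameters; compare in constant time so
    the comparison itself leaks nothing about how many bytes matched."""
    try:
        scheme, n, r, p, salt_hex, digest_hex = record.split("$")
    except ValueError:
        return False
    if scheme != "scrypt":
        return False
    candidate = scrypt_digest(password, bytes.fromhex(salt_hex), int(n), int(r), int(p))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def guesses_per_second(hash_fn, rounds: int) -> float:
    """The offline attacker's view: how many candidates per second can hash_fn check?"""
    start = time.perf_counter()
    for i in range(rounds):
        hash_fn(f"candidate{i}")
    return rounds / (time.perf_counter() - start)


def slowdown_factor() -> float:
    """Ratio of the SHA-256 guess rate to the scrypt guess rate on this machine."""
    salt = b"fixed-salt-for-timing"  # constructed; only the relative cost matters
    fast = guesses_per_second(lambda pw: hashlib.sha256(salt + pw.encode()).digest(), rounds=20000)
    slow = guesses_per_second(lambda pw: scrypt_digest(pw, salt), rounds=3)
    return fast / slow


if __name__ == "__main__":
    rec = make_record("correct horse battery staple")
    print(rec)
    print("verify correct:", verify("correct horse battery staple", rec))
    print("verify wrong  :", verify("password1", rec))
    print(f"scrypt costs {slowdown_factor():,.0f}x more per guess than SHA-256 here")
```

The factor you see is CPU-only; the gap is larger on a GPU, where SHA-256 parallelizes almost perfectly while scrypt's memory footprint limits how many guesses fit on the card at once. Raise N as hardware improves, and since the parameters travel with the record, old entries can be upgraded at next login.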