Weak passwords invite brute-force attacks, and enterprises are bearing the brunt of them amid the ongoing pandemic. With the shift to remote work, cybercriminals have taken to such attacks, using either a variety of botnets or Remote Desktop Protocol.
Brute-force attacks are typically aimed at computers and devices on networks to capture email addresses, passwords, passphrases, usernames, and PINs. Such attacks exploit weak or otherwise vulnerable passwords that are easy to guess.
The attackers then try to profit from their ill-gotten gains by distributing malware, spamming or phishing unsuspecting victims, or selling the stolen credentials on the dark web. In many cases, obtaining the credentials to an account gives cybercriminals the means to compromise an entire network.
A peek at the current scenario
- There have been several instances of brute-force attacks recently, the latest in a new ransomware campaign dubbed ‘PLEASE_READ_ME’.
- The campaign, which ran between January and November, used brute-force attacks to hijack MySQL servers and pilfer sensitive data before leaving behind a ransom note for victims.
- The attack method is also popular among botnets. At the end of November, a new cryptomining botnet called PGMiner leveraged brute-force methods to target PostgreSQL database servers and mine Monero cryptocurrency.
- Another botnet, a variant of Gitpaste-12, was also found to include a list of passwords for brute-force attempts as part of its attack campaign.
The worrying factor
Despite the best efforts and ever-advancing cybersecurity capabilities, corporate credentials from all industries keep ending up for sale on dark web forums. The prime reason is the use of weak passwords. As a result, these stolen credentials can be used in a wide range of attacks, including complicated brute-force attacks, to gain access to networks.
Tackling the situation
Brute-force attacks aren’t going anywhere, and as hackers’ toolkits evolve and expand exponentially, enterprises should strengthen their defense mechanisms to protect their employee and admin passwords. Good security practices include changing privileged passwords frequently and using multi-factor authentication.