23 Mar 2023
Brute Force Attacks: What They Are and How to Prevent Them

It is a routine we follow several times a day. We enter a username and password to log into our computers, phones, and tablets, and into accounts for everything from email to online banking and ordering from our favorite local restaurants. However, not all passwords are created equal. If you use a weak password like “123456” or “mypassword2022,” you open doors for hackers to steal your credentials and use them maliciously¹. When attackers submit multiple passwords to access your system without permission, it is called a brute force attack, and its consequences can be dire¹. Consider that the average data breach resulting from stolen or compromised credentials costs $4.50 million, according to IBM². You therefore need a solution to keep hackers at bay.

Fortunately, brute force attacks are preventable. In this article, we will learn more about the types of brute force attacks and how you can prevent them from becoming a detriment to your business. 

In their most basic form, brute force attacks entail hackers using automation tools to test endless combinations of letters and numbers in trial-and-error form to steal your password¹. Attackers may also try to logically guess your password, either by using common passwords like “password2022” or discovering personal information like your street address or pet’s name¹. While many brute force attacks involve testing multiple passwords against a known username, reverse brute force attacks let hackers test a single common password against a list of usernames¹. Keep an eye out for dictionary attacks, too, in which malicious actors test combinations of words and phrases – such as colors, seasons, and even your favorite sports teams – to access your account¹. Since users often utilize simple passwords for added convenience, dictionary attacks can be especially effective for hackers¹. Now that you know about these distinct types of brute force attacks, we will outline best practices for preventing them. 

(Image courtesy of https://www.imperva.com/learn/application-security/brute-force-attack/)  

The most important practice for thwarting brute force attacks is to use strong passwords³. You must never include personal information like your name, birthday, or email address in your passwords³. Additionally, do not use the same password for multiple accounts³. Instead, you should create unique passwords for every online account, including email and MS 365³. Furthermore, to prevent dictionary attacks, craft passwords using random character strings as opposed to words or phrases in any language³. In short, the stronger the password, the more difficult it is for hackers to crack. 

Another strategy for preventing brute force attacks is to limit the number of login attempts to your website³. While most websites allow unlimited login attempts by default, there are plugins available to limit your users’ logins and stop brute force attacks in their tracks³. With these plugins, you can set a maximum number of login attempts for your visitors³. If they exceed the number of attempts you set, you must then temporarily block their IP addresses from accessing your site³. Keep in mind, however, that this approach is inadequate against botnet attacks using several distinct IP addresses simultaneously⁴. Nevertheless, limiting login attempts helps you keep hackers at bay.
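The limit described above, and the botnet caveat that goes with it, can be seen in a short added example (not code from this article or from any plugin). It counts failed logins per source IP and also per username, so attempts spread across many addresses still trip a limit; the class name, limits, and time values are assumptions.

```python
import time
from collections import defaultdict, deque

class LoginThrottle:
    """Counts failed logins in a sliding window, per source IP and per username.

    Added example: the class name, limits and time values are assumptions.
    """

    def __init__(self, max_per_ip=5, max_per_user=10, window=300, block_for=900):
        self.limits = {"ip": max_per_ip, "user": max_per_user}
        self.window = window            # seconds over which failures are counted
        self.block_for = block_for      # seconds a blocked key stays blocked
        self.failures = defaultdict(deque)  # (kind, value) -> failure timestamps
        self.blocked_until = {}             # (kind, value) -> time the block ends

    @staticmethod
    def _keys(ip, user):
        return [("ip", ip), ("user", user.lower())]

    def allowed(self, ip, user, now=None):
        """True if neither the source IP nor the account is currently blocked."""
        now = time.time() if now is None else now
        return all(self.blocked_until.get(k, 0) <= now for k in self._keys(ip, user))

    def record_failure(self, ip, user, now=None):
        now = time.time() if now is None else now
        for key in self._keys(ip, user):
            stamps = self.failures[key]
            stamps.append(now)
            while stamps and stamps[0] <= now - self.window:
                stamps.popleft()        # drop failures that fell out of the window
            if len(stamps) >= self.limits[key[0]]:
                self.blocked_until[key] = now + self.block_for
                stamps.clear()

    def record_success(self, user):
        """A successful login clears the account's counter; IP counters age out."""
        self.failures.pop(("user", user.lower()), None)

def distributed_demo():
    """Constructed scenario: ten different IPs each fail once against 'alice'."""
    t = LoginThrottle()
    for i in range(10):
        t.record_failure(f"198.51.100.{i + 1}", "alice", now=i)
    # No single IP reached its limit, but the account did.
    return (t.allowed("203.0.113.99", "alice", now=10),
            t.allowed("203.0.113.99", "bob", now=10))
```

Because a per-account block can also lock out the legitimate user, the block in this sketch is temporary and expires after `block_for` seconds.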

While using strong passwords and limiting login attempts are both helpful, you must not overlook the importance of utilizing two-factor or multifactor authentication (2FA/MFA)³. As we discussed in a previous article, 2FA combines multiple authentication factors so you can keep your business’s computer systems secure even if one factor is compromised. When using 2FA, you must validate your identity when logging into an account before you can proceed³. For example, if you are attempting to log into your email, your 2FA provider will ask you to confirm that you were the one trying to access the account³. In this case, you will need to verify your identity using a unique code sent to your smartphone before proceeding³. In summary, 2FA is a pivotal tool for preventing brute force attacks.

Still another best practice to prevent brute force attacks is to install web application firewalls (WAFs), like the one pictured below³. By enforcing a maximum number of requests to a URL, such as your company’s intranet login address, from a specific source over a predetermined interval, WAFs offer you ample protection against brute force attacks³. Thus, WAFs are helpful for keeping unauthorized parties from accessing your system and giving you much-needed peace of mind, so you can focus on creating predictably awesome experiences for everyone in your organization. 

(Image courtesy of https://www.addictivetips.com/net-admin/web-application-firewalls/)

Try as you may to prevent brute force attacks, they can still occur. Thankfully, if you are attacked or suspect that you have been, brute force site scanners can help⁴. These scanners peruse site logs, searching for signs of any brute force attempts on your business’s computer systems⁴. While this may seem like too little, too late for your organization, brute force site scanners give you proof that an attack occurred so you can take vital steps to prevent future attacks⁴.
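To show what such a log review looks for, here is an added example (not code from this article or from any scanner product) that reads failed-login lines and flags the patterns described earlier: many failures from one source against one username, one source trying many usernames (reverse brute force), and many sources against one username. The log format, the threshold, and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed (constructed) log format: "<timestamp> LOGIN_FAIL|LOGIN_OK user=<name> ip=<addr>"
LINE = re.compile(r"^(?P<ts>\S+) LOGIN_(?P<result>FAIL|OK) user=(?P<user>\S+) ip=(?P<ip>\S+)$")

def scan(lines, threshold=5):
    """Return sorted (pattern, subject, count) findings from failed logins."""
    per_pair = defaultdict(int)      # (ip, user) -> failed attempts
    users_by_ip = defaultdict(set)   # ip -> distinct usernames tried
    ips_by_user = defaultdict(set)   # user -> distinct source IPs
    for line in lines:
        m = LINE.match(line.strip())
        if not m or m["result"] != "FAIL":
            continue                 # skip successes and lines in other formats
        ip, user = m["ip"], m["user"].lower()
        per_pair[(ip, user)] += 1
        users_by_ip[ip].add(user)
        ips_by_user[user].add(ip)
    findings = []
    for (ip, user), n in per_pair.items():
        if n >= threshold:           # one source hammering one account
            findings.append(("brute_force", f"{ip}->{user}", n))
    for ip, users in users_by_ip.items():
        if len(users) >= threshold:  # one source walking a list of usernames
            findings.append(("reverse_brute_force", ip, len(users)))
    for user, ips in ips_by_user.items():
        if len(ips) >= threshold:    # many sources against one account
            findings.append(("distributed", user, len(ips)))
    return sorted(findings)

def sample_log():
    """Constructed sample lines; addresses come from documentation ranges."""
    log = [f"2023-03-23T10:00:{i:02d}Z LOGIN_FAIL user=alice ip=198.51.100.7" for i in range(6)]
    log += [f"2023-03-23T10:05:{i:02d}Z LOGIN_FAIL user=user{i} ip=203.0.113.9" for i in range(5)]
    log += [f"2023-03-23T10:10:{i:02d}Z LOGIN_FAIL user=bob ip=192.0.2.{i + 1}" for i in range(5)]
    log.append("2023-03-23T10:20:00Z LOGIN_OK user=carol ip=192.0.2.50")
    return log

if __name__ == "__main__":
    for finding in scan(sample_log()):
        print(finding)
```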

If you need tools to prevent brute force attacks, navitend can help. We provide a variety of managed IT services and support for clients throughout New Jersey, New York, and eastern Pennsylvania. For example, we offer 2FA technology for secure and predictably awesome login experiences, plus advanced password management and Immunify web application firewalls. Our top priority is keeping your data, networks, and applications secure 24 hours a day and seven days a week. 

Navitend can help you. Call 973.448.0070 or set up an appointment today.

Sources: 

¹Norton. “Brute force attack: A definition + 6 types to know.” Retrieved from https://us.norton.com/blog/emerging-threats/brute-force-attack. 

²IBM Security. “Cost of a Data Breach Report 2022.” Retrieved from https://www.ibm.com/downloads/cas/3R8N1DZJ. 

³Intelligent Technical Solutions. “How to Prevent Brute Force Attacks in 8 Easy Steps [Updated]” by Alessandra Descalso. Retrieved from https://www.itsasap.com/blog/how-to-prevent-brute-force-attacks#:~:text=How%20to%20Prevent%20Brute%20Force%20Attacks%201%201.,...%208%208.%20Use%20Web%20Application%20Firewalls%20%28WAFs%29. 

⁴AT&T Cybersecurity. “How to investigate and mitigate brute force attacks” by Garrett Gross. Retrieved from https://cybersecurity.att.com/blogs/security-essentials/brute-force-attack-mitigation-methods-best-practices.  
