Have you heard of a brute force attack (or brute force cracking)? You may have not heard of such, but considering the higher than ever malware rates, it’s quite likely you know someone who has been though one.
Related: Obfuscation in Malware
What Is a Brute Force Attack?
Brute force attacks may sound like something very complicated but they are easy to explain and understand. However, the protection against them is not as easy to achieve.
In the language of cyber security, a brute force attack is the trial-and-error method applied to obtain personal information from users such as their passwords and PINs (personal identification numbers). Brute force attacks are carried out by automated programs which generate a large number of continuous suggestions in an attempt to figure out the value of the targeted data.
Why are brute force attacks employed? Basically, brute force attacks can be used against all types of encryption, the success depending on the effectiveness of the software. It’s easy to assume that with the evolution of cyber threats such as ransomware, brute force attacks have evolved too, the result being more successful brute force attacks than in the past.
It’s also important to note that brute forcing can be used by cyber criminals for malicious purposes, and by researchers who test the security of enterprise networks.
What Is a “Dictionary Attack”?
A dictionary attack is similar to a brute force attack. It would try words in a dictionary or would ‘scan’ a list of average passwords, instead of trying all possible ones. You would be surprised how effective a dictionary attack may be. A large number of people use passwords that are common and easy to break.
Brute Force Attacks and Online Services
As pointed out by HowToGeek, online and offline brute attacks are different. Online services such as Gmail and Yahoo, will quickly detect such attempts and would forbid access and ban the IP addresses, trying to log in multiple times. This makes online brute force attacks not that successful.
However, attackers may have another option. If they have successfully obtained encrypted data from a user’s OC or have succeeded in compromising an online service, they could try as many passwords as they want.
Can I Protect My Data from Brute Force Attacks?
Unfortunately, there is no single solution against brute force attacks. There are, however, several basic steps to follow:
- Store your encrypted data in a safe location.
- Employ strong encryption algorithms and avoid old algorithms with known flaws.
- Choose your passwords carefully and change them periodically.