Brute Force Techniques and Risks

1. Brute Force Techniques and Risks The evolution of technology brings with it newer methods of security risk! As much as technology has pushed the envelope in creating new business opportunities by connecting people, devices, and industries across the globe, it has also made the work of hackers easy. One of the common methods of hacking in recent times is brute force. In a brute force attack, the hacker guesses login information such as passwords, encryption keys by trying several million combinations. While it seems like a tedious process, the use of bots drastically reduces the time taken to crack a password. There are different types of brute-force attacks: Hackers can try simple attacks by guessing the password logically. This attack reveals simple passwords and PINs Dictionary attacks take a more targeted route When hackers already have a password, they can run a reverse brute force attack to identify the username to hack into the account Hackers try credential stuffing brute force attacks MITRE ATT&CK is a framework that helps to identify and classify the techniques used by attackers to exploit vulnerabilities. It was developed by MITRE, a not-for-profit research and development organization. The framework is designed to help defenders assess their security posture and prioritize their efforts to remediate vulnerabilities. This article will focus on the brute force techniques that are used by attackers in order to gain access to a system or network. Brute force techniques are methods of breaking into systems or networks where an attacker attempts to guess the passwords of users by systematically trying every possible combination until they find the right one. This technique is most commonly used when an attacker has some knowledge about what type of password is likely being used, such as when they have harvested email addresses from a previous attack. The framework consists of three levels: tactics, techniques, and tools. All of these levels are used to identify the attack surface. Tactics level is about what a hacker does to get into your system or network. Technique’s level is about how they exploit vulnerabilities in your system or network. Tools level is about what they use to do their job such as malware, hardware implants, etc. There are three components to MITRE ATT&CK: Tactics that describe the high-level objectives of an attack 1

2. Techniques are the methods to achieve these goals Sub-techniques are the various other ways in which the goals may be achieved Password Security Problems Password reuse Sharing passwords offline Lack of knowledge about secure passwords Data Protection Risks in social media Data phishing through emails or social media accounts tricks users into revealing privileged information Hackers create imposter accounts across various social media channels to gather critical information Malware hacks can cause reputation damage Industry Best Practices Cyber Security and Compliance Services· Adding a time delay between two login attempts slows down the attacker Locking out an IP address after determined failed login attempts slows the attacker Complex passwords make it hard to crack during such hacker attacks. Periodic security audits should be performed to determine if the system can handle such hacking attempts 2