A brute-force attack is an automated process in which cybercriminals repeatedly guess credentials until a match is found, gaining access to a website or system.

Did you know that the world’s most popular password is 123456? (Source 3)

Common brute-force methods

Credential stuffing
In this type of attack, cybercriminals use automated tools to rapidly try email and password combinations on several websites. Users who reuse passwords across multiple websites can be susceptible to this type of attack.

Dictionary attacks
A dictionary attack uses lists of common dictionary words in an attempt to gain access to accounts.
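
From a defender's side, the two methods above leave different traces in failed-login records: credential stuffing touches many accounts a few times each, while dictionary-style guessing hammers one account. The following is an added example, not part of the original article; the log format, thresholds, and sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed log format: "<timestamp> <OK|FAIL> user=<name> ip=<address>"
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<result>OK|FAIL) user=(?P<user>\S+) ip=(?P<ip>\S+)$")

# Assumed thresholds; tune them to your own traffic.
MANY_ACCOUNTS = 4   # distinct usernames failed from one IP
MANY_GUESSES = 5    # failures against one username from one IP

def classify_sources(lines):
    """Return {ip: label} for source IPs whose failed logins match a pattern."""
    fails = defaultdict(lambda: defaultdict(int))  # ip -> user -> failure count
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["result"] != "FAIL":
            continue  # skip malformed lines and successful logins
        fails[m["ip"]][m["user"]] += 1

    findings = {}
    for ip, per_user in fails.items():
        if len(per_user) >= MANY_ACCOUNTS:
            # Many accounts, few tries each: reused credentials being replayed.
            findings[ip] = "credential-stuffing pattern"
        elif max(per_user.values()) >= MANY_GUESSES:
            # Many tries on one account: word-list style guessing.
            findings[ip] = "password-guessing pattern"
    return findings

def sample_log():
    """Constructed sample lines using documentation-only IP ranges."""
    lines = []
    # 203.0.113.10: one attempt each against five different accounts
    for i, user in enumerate(["alice", "bob", "carol", "dave", "erin"]):
        lines.append(f"2024-05-01T10:00:0{i}Z FAIL user={user}@example.com ip=203.0.113.10")
    # 198.51.100.7: six guesses against a single account
    for i in range(6):
        lines.append(f"2024-05-01T10:05:0{i}Z FAIL user=frank@example.com ip=198.51.100.7")
    # 192.0.2.44: an ordinary user who mistypes once, then logs in
    lines.append("2024-05-01T10:09:00Z FAIL user=grace@example.com ip=192.0.2.44")
    lines.append("2024-05-01T10:09:20Z OK user=grace@example.com ip=192.0.2.44")
    return lines

if __name__ == "__main__":
    for ip, label in sorted(classify_sources(sample_log()).items()):
        print(ip, label)
```

Counting per source IP misses attempts spread across many addresses, so grouping the same failures by username is a useful second view.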

How brute-force attacks work

Automated operations attempt to access accounts using stolen or guessed credentials. Once a successful match is found, the cybercriminal can:

  • Steal personal data from the hacked user’s account, including financial details.
  • Spread malware and launch a cyberattack against an organization.
  • Damage a company’s reputation by sending inappropriate messages to customers.
  • Run malicious adware in order to make advertising money.

Tips to minimize brute-force attacks

  • Don’t reuse a password (lessening credential stuffing attacks)
  • Don’t use common words in passwords (reducing dictionary attacks)
  • Don’t click on suspicious emails that are attempting to obtain username and password credentials (diminishing phishing attacks)
  • Use a password manager (to store passwords securely)
  • Use multi-factor authentication, or MFA (to require additional authentication for account access)

How LaScala can help

LaScala protects businesses from brute-force attacks and can help with password protection policies, multi-factor authentication, and ongoing security. Contact [email protected] to get started today.

1 – Proofpoint: https://www.proofpoint.com/us/threat-reference/brute-force-attack
2 – KnowBe4: https://www.knowbe4.com/knowbe4-glossary/
3 – Keeper: https://www.keepersecurity.com/blog/2020/01/13/are-you-using-one-of-the-most-popular-passwords-in-the-world/
4 – Fortinet: https://www.fortinet.com/resources/cyberglossary/brute-force-attack
5 – Main header graphic: by Mohamed Hassan via Pixabay