Why are Brute Force Attacks on the Rise?

Quick Answer: Brute force attacks are rising due to the increase in remote work and increasingly sophisticated tools available to hackers. However, there are steps we can take to protect our data. 

 We have all, at some point, received an email from a website or app with the subject line "Unsuccessful login attempt." In most cases, this happens if you type in an old password by mistake. But what if you get dozens of those emails in just a few minutes? 

In that case, a hacker is likely using brute force to gain access to your account. (This is also why some apps, like banks, lock you out after several unsuccessful attempts.)

Brute force attacks are not new. Cybersecurity experts continually work to stop them and their potential data exposure. But they are increasing. Between 2021 and 2022, brute force attacks increased by 74 percent and continue to rise. 

Whether you are one of the millions of professionals working remotely or an IT professional considering taking the Network+ certification test, it might be time for a refresher on brute force attacks. We'll cover how they happen, how to protect your data, and why these attacks are prevalent.

What is a Brute Force Attack?

A brute force attack occurs when a hacker repeatedly guesses the login credentials to gain access to an account on a website or application. Of all the different types of cyberattacks, brute force attacks are one of the most popular among hackers due to their simplicity and effectiveness. Most people use passwords that are easy to guess, and eventually, the hackers get it right. 

Data leaks and breaches have rapidly become familiar and almost accepted as part of our internet-connected lives. They make the 24-hour news cycle with increasing regularity, and we begrudgingly accept the next major cyberattack is just a matter of time. 

The fallout of these data breaches is a treasure trove of personal information on millions of people and their account credentials. A brute force attack, when successful, can impact countless people.

However, the data stolen from a cyberattack is not typically used in a brute force attack. Instead, when they successfully break into an account, the hacker now has access to not just the information in the account but also the website or network, allowing them to upload malware or other malicious programs. They can then use this exploit to launch a more extensive cyberattack.

What are the Types of Brute Force Attacks?

The most common and well-known brute force attack is when a hacker attempts to gain access to an account by guessing the login credentials. However, other types of brute force attacks exist depending on the hackers’ methods and desired outcomes.

Simple Brute Force Attack 

As mentioned, this type of attack is when a cybercriminal repeatedly tries to guess your login credentials (typically a password) without additional context or amplifying information. Easily guessed passwords and pins, like "123456" or "password" are easily cracked. Even slightly more complicated passwords, with capital letters and numbers, can be guessed relatively fast. 

Dictionary Brute Force Attack 

This type of brute force attack takes commonly used password combinations and words from the dictionary with numbers or special characters substituted for letters. Similar to a simple brute force attack, poor passwords are quickly cracked.

Hybrid Brute Force Attack

A hybrid attack combines the two previous types. It uses elements of passwords that people frequently use, such as family names, anniversaries, or dates of birth. This information can be gleaned from social media, online registries, or public records. 

Reverse Brute Force Attack

This type of brute force attack happens when a hacker has access to a password and attempts to match that to a username to log into an account.

Credential Stuffing

Although sometimes not classified strictly as a brute force attack, credential stuffing happens when cybercriminals already have login credentials and attempt to use them across many different web applications. This is why it's essential not to use the same password for different platforms. 

What Tools are Used in Brute Force Attacks?

Despite the popular imagery of a hacker sitting behind a glowing computer feverishly trying different combinations of usernames and passwords, this often isn’t very accurate — although this method is still effective with enough time, patience, and persistence.

Compromised computers and automated software programs, commonly called bots, perform the mundane operations of repeatedly guessing login credentials. The hackers merely set up the bot programs and unleash them to do their dirty work.

Bots encompassing a botnet, an army of compromised computers performing simple, automated, and repetitive tasks, are used in brute force attacks and other types of criminal cyber activity, including distributed denial of service attacks (DDoS) and email spam phishing.

There are some software applications designed specifically to conduct a brute force attack. THC-Hydra is one such application. When employed, Hydra runs through different combinations of host IP addresses, usernames, and passwords until a successful combination is found. THC is a group of international hackers, of which Hydra is one of their products, that perform independent IT security work.

Why are Brute Force Attacks on the Rise?

The increase in brute force attacks is likely a combination of different factors. More people are connected to the internet than ever before. The amount of data on the internet, under varying levels of security and protection, grows by the hour. The sophistication of hackers and their tools to bypass cybersecurity defenses improve as fast as other technologies.

However, perhaps the most significant reason for the steep escalation in brute force attacks is the COVID-19 pandemic and the exponential increase in people working from home. Work-from-home arrangements skyrocketed in 2020, and companies quickly embraced and enhanced remote work capabilities across all sectors.

The influx of people working from home and using their personal networks to log into company servers or remote desktops became the new working environment. Hackers looking to launch a brute force attack focused on the weaker home networks and the easily guessed login credentials that millions of people still use. An example is the spike in Windows Remote Desktop (RDP) brute force attacks.

How to Secure Against Brute Force Attacks 

The steps to defend against a brute force attack are rooted in basic but sound cybersecurity practices. The most obvious step is not to reuse passwords, nor use passwords that are easy to guess. Reused or recycled credentials are one of the most common mistakes people make. With the increasing popularity and protection that password management programs offer, there’s even less reason to rely on weak or reused passwords.

Beyond creating a hard-to-crack password, many websites and applications now offer the option to enable multi-factor authentication. While this is an added step in the login process, using this feature is a solid defense against a brute force attack.

The companies behind their websites and applications can take additional cybersecurity steps. An example is to limit the number of login attempts before an account or IP address is temporarily locked out. This feature can severely hinder the success rate of a brute-force attack. 

Another security feature is to enable CAPTCHA. CAPTCHA is an extra layer during the login process. Any time you’ve had to select all the taxis in a picture, for example, this is CAPTCHA in action.

If you’d like to learn more about brute force attacks and other types of credential attacks and steps to take to prevent them, check out our 6-part, 53-minute Credential Attacks course that is especially relevant for network administrators and security analysts.

Want to learn more about brute force attacks and how to prevent them? Check out our Network+ training.