Brute Force Attack

Soojin Park
2 min read · Jun 13, 2021

As you may recall from the previous Cyber Kill Chain blog post, an attacker collects information during the reconnaissance phase and then tries to gain access to the target systems in order to achieve their objectives. It is quite possible that the attacker used a brute force attack in one of those phases to gain unauthorized access. But what exactly is a brute force attack?


Have you ever forgotten one of your passwords and simply tried every password you use until you hit the right one? A brute force attack is very similar, except that the attacker has no clue what your password might be.

According to the MITRE ATT&CK framework, brute force has four sub-techniques: password guessing, password cracking, password spraying and credential stuffing.

Password guessing is just what it sounds like: guessing passwords without any known credentials or prior knowledge. Password cracking applies when the attacker has obtained password hashes and uses them to recover the plaintext passwords or other credentials; rainbow tables are one way to crack hashes. Password spraying refers to taking a single password, or a small list of common passwords, and trying it against many different accounts in order to gain access to some of them. Lastly, credential stuffing is taking usernames and passwords collected from an unrelated breach and trying them against the target's accounts.

What can you do to protect yourself from brute force attacks?

In one of my first blog posts I talked about controlled use of administrative privileges. Many of the sub-controls under that CIS control also help mitigate brute force attacks: changing default passwords, using unique passwords, using multi-factor authentication, and logging and alerting on unsuccessful logins. Implementing password policies and account lockouts after too many failed attempts is another proactive defense against brute force attacks.
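As an added example (not part of the original post), here is a small detector run over constructed sshd-style log lines that separates the two patterns described above: repeated failures against one account, which an account lockout stops on its own, and password spraying, which stays below the per-account lockout and only becomes visible when failures are correlated by source across accounts. The log format, thresholds and IP addresses are assumptions.

```python
import re
from collections import defaultdict

# Constructed sshd-style auth log lines (sample data, not from a real host).
SAMPLE_LOG = """\
Jun 13 10:00:01 host sshd[100]: Failed password for alice from 203.0.113.5 port 4001 ssh2
Jun 13 10:00:02 host sshd[101]: Failed password for alice from 203.0.113.5 port 4002 ssh2
Jun 13 10:00:03 host sshd[102]: Failed password for alice from 203.0.113.5 port 4003 ssh2
Jun 13 10:00:04 host sshd[103]: Failed password for alice from 203.0.113.5 port 4004 ssh2
Jun 13 10:00:05 host sshd[104]: Failed password for alice from 203.0.113.5 port 4005 ssh2
Jun 13 10:01:00 host sshd[110]: Failed password for bob from 198.51.100.9 port 5001 ssh2
Jun 13 10:01:01 host sshd[111]: Failed password for carol from 198.51.100.9 port 5002 ssh2
Jun 13 10:01:02 host sshd[112]: Failed password for invalid user dave from 198.51.100.9 port 5003 ssh2
Jun 13 10:02:00 host sshd[120]: Failed password for frank from 192.0.2.77 port 6001 ssh2
"""

FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")

def parse_failures(log_text):
    """Extract (username, source_ip) from every failed-login line."""
    failures = []
    for line in log_text.splitlines():
        match = FAILED_RE.search(line)
        if match:
            failures.append(match.groups())
    return failures

def classify_sources(failures, lockout_threshold=5, spray_min_accounts=3):
    """Label each source IP by the failure pattern it produced.

    'guessing': one account hit lockout_threshold times or more (the case a
    per-account lockout policy stops by itself).
    'spraying': few failures per account spread over spray_min_accounts or
    more accounts; this stays under the lockout and is only caught by
    correlating failures per source across accounts. Other sources (e.g. a
    single typo, like frank above) are not reported."""
    per_source = defaultdict(lambda: defaultdict(int))
    for user, src in failures:
        per_source[src][user] += 1
    verdicts = {}
    for src, users in per_source.items():
        if max(users.values()) >= lockout_threshold:
            verdicts[src] = "guessing"
        elif len(users) >= spray_min_accounts:
            verdicts[src] = "spraying"
    return verdicts

if __name__ == "__main__":
    for src, verdict in classify_sources(parse_failures(SAMPLE_LOG)).items():
        print(f"ALERT {src}: {verdict}")
```

Raising the lockout threshold alone would hide the attack on alice while leaving the spraying source unaffected, which is why alerting on failed logins should correlate by source as well as by account.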

MITRE. “Brute Force, Technique T1110 — Enterprise.” MITRE ATT&CK®, https://attack.mitre.org/techniques/T1110/.
