Tackling brute force attacks with Netenrich


Taobao is a Chinese online shopping website that just happens to be the biggest e-commerce site in the entire world. Owned by conglomerate giant Alibaba, it also happens to be the eighth most visited website in the world according to Alexa Rankings.

In early 2016, Taobao users reported suspicious activity that turned out to be a massive brute force attack. Some 21 million user accounts were compromised, equating to 1 out of every 20 annual active buyers on Alibaba’s China retail marketplaces.

Brute force attacks remain a popular option among hackers. So, let’s familiarize ourselves with this attack and see how Netenrich helps to rectify these issues.

What is a brute force attack?

A brute force attack is a password-guessing technique in which the attacker tries possible combinations of a targeted password one after another, repeating the process until the correct one is found. The longer the password, the more combinations have to be tried.

Brute force attacks are not the most efficient approach, but consider that some still use passwords such as “12345” or “password,” making the hacker’s job easy every now and then.

Goals of a brute force attack

A well-executed brute force attack uses a script, hacking application, or similar tool to repeat login or guessing attempts automatically until it obtains the information it is after. Goals include:

  • Theft of personal information such as passwords and passphrases that can be used to access online accounts and network resources
  • Obtaining information to sell to third parties
  • Taking over user accounts to send phishing links or spread fake content
  • Using credentials to deface the company website
  • Taking over a website to redirect traffic to a site containing malicious content


Brute Force #1: Dictionary Attacks

Dictionary attacks are the most common form of brute force attack. The idea behind them is simple: use a list of words (the "dictionary") to crack passwords. Attempts typically begin with common passwords such as "password" or "12345" and then work through the rest of the list until one succeeds.

Computers nowadays are so fast and powerful that they can crack an 8-character alphanumeric password in just eight hours through pure brute force: the processor works through every possible combination of every possible character until it finds the right one.

Brute Force #2: Reverse Brute Force Attacks

A reverse brute force attack targets a common password rather than a specific user: a small set of common passwords is tried against a long list of possible usernames. For example, a weak password such as "password" may be used to find any username it happens to match.

Brute Force #3: Credential Stuffing

Most users will choose the same password to access all their online profiles to keep things simple. Many also interact with different websites by logging in via Facebook or Google accounts. Here, an attacker only needs to compromise one key account to gain access to several others.

The Netenrich Solution

As a part of our Secure Enterprise package, Netenrich will protect you from brute force attacks with early detection and recommendations for remediation. We have created a Brute Force Detection Model that allows us to efficiently zero in on potential attacks faster than the speed of bad.

The keyword here is “efficiently.”

Identifying false positives

Seventy to eighty percent of brute force attack tickets are nothing but false positives. Common examples of benign activity that the system mistakes for a brute force attack are:

  • A user trying to access different profiles: A user may have multiple email accounts with different passwords for Gmail, Outlook, Yahoo, etc. They may be trying frantically to log in via their Outlook account but with the wrong Gmail or Yahoo password.
  • Enterprise password expiration: Enterprises usually keep changing their passwords for security reasons. Repeated attempts to log into a service using an expired password may inadvertently resemble a brute force attack.

Dealing with the real threats

The Netenrich platform detects legitimate brute force attempts, filters through the false positives, and recommends steps to remediate based on context and evidence. To deliver even more context, the platform checks whether the asset affected is critical.

If it happens to be an external attack, we leverage proprietary, always-on threat intelligence to study the IP address of the attacker. If the address has a history of conducting brute force attempts, the criticality of the alert is increased.
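The following is an added example, not Netenrich's detection model or any code from the page: a small classifier over authentication log lines that separates a single-account brute force from the reverse brute force (password spraying) pattern described above, suppresses the two false positives the page names (an internal account retrying a recently expired password, and a user who mixes up their own passwords for a few attempts and then logs in), and raises severity when the affected asset is critical or the source IP has a known brute-force history. The log lines, the asset and threat-intel sets, the internal address range and every threshold are constructed assumptions for the example.

```python
"""Added example: brute force vs. password-spray detection with the
false-positive and criticality rules described in the text. All data
(log lines, asset list, threat-intel set, thresholds) is constructed."""
from collections import Counter, defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

BRUTE_FORCE_FAILS = 8      # assumption: failures for one (source, user) pair per window
SPRAY_DISTINCT_USERS = 5   # assumption: distinct failing users from one source per window
WINDOW_SECONDS = 300       # assumption: fixed 5-minute buckets

INTERNAL_NET = ip_network("10.0.0.0/8")       # assumption: corporate address range
CRITICAL_ASSETS = {"vpn-gw", "ad-dc01"}       # constructed asset-criticality list
KNOWN_BRUTE_FORCE_IPS = {"198.51.100.23"}     # constructed threat-intel "history of brute force"
RECENTLY_EXPIRED = {"svc-backup"}             # constructed: accounts whose password just rotated


@dataclass
class Event:
    ts: datetime
    ok: bool
    user: str
    src: str
    asset: str


@dataclass
class Alert:
    kind: str        # "brute_force" or "password_spray"
    src: str
    users: list
    failures: int
    severity: str
    reason: str


def parse_line(line: str) -> Event:
    """Parse one constructed line: '<iso-ts> FAIL|OK user=.. src=.. asset=..'."""
    ts, outcome, *kv = line.split()
    fields = dict(p.split("=", 1) for p in kv)
    return Event(datetime.fromisoformat(ts), outcome == "OK",
                 fields["user"], fields["src"], fields["asset"])


def _bucket(ts: datetime) -> int:
    """Fixed time bucket index, timezone-independent for naive timestamps."""
    return int((ts - datetime(1970, 1, 1)).total_seconds() // WINDOW_SECONDS)


def severity(src: str, assets: set) -> str:
    """Start at medium; escalate for a critical asset and for a source with history."""
    score = 1
    if assets & CRITICAL_ASSETS:
        score += 1
    if src in KNOWN_BRUTE_FORCE_IPS:
        score += 1
    return ("low", "medium", "high", "critical")[score]


def analyze(log_text: str):
    """Return (alerts, suppressed): real detections and bursts filtered as benign."""
    buckets = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ev = parse_line(line)
            buckets[(ev.src, _bucket(ev.ts))].append(ev)
    alerts, suppressed = [], []
    for (src, _), evs in sorted(buckets.items()):
        fails = Counter(e.user for e in evs if not e.ok)
        assets = {e.asset for e in evs if not e.ok}
        # Reverse brute force / spray: one source, many users, few attempts each.
        if len(fails) >= SPRAY_DISTINCT_USERS:
            alerts.append(Alert("password_spray", src, sorted(fails), sum(fails.values()),
                                severity(src, assets), "many users, few attempts each, one source"))
            continue
        for user, n in fails.items():
            if n < BRUTE_FORCE_FAILS:
                continue  # e.g. a user trying a few of their own passwords, then succeeding
            if user in RECENTLY_EXPIRED and ip_address(src) in INTERNAL_NET:
                suppressed.append(Alert("brute_force", src, [user], n, "info",
                                        "internal source retrying an expired password"))
                continue
            alerts.append(Alert("brute_force", src, [user], n, severity(src, assets),
                                f"{n} failures against one account"))
    return alerts, suppressed


def _burst(t0, n, outcome, user, src, asset):
    """Constructed helper: n log lines one second apart starting at t0."""
    return [f"{(t0 + timedelta(seconds=i)).isoformat()} {outcome} user={user} src={src} asset={asset}"
            for i in range(n)]


T = datetime(2024, 5, 1, 9, 0, 0)
SAMPLE_LOG = "\n".join(
    _burst(T, 3, "FAIL", "alice", "10.0.5.12", "webmail")          # wrong passwords, then...
    + _burst(T + timedelta(seconds=3), 1, "OK", "alice", "10.0.5.12", "webmail")
    + _burst(T, 9, "FAIL", "svc-backup", "10.0.8.3", "ad-dc01")     # expired password retries
    + _burst(T, 9, "FAIL", "bob", "203.0.113.7", "vpn-gw")          # real single-account attack
    + [f"{(T + timedelta(minutes=10, seconds=i)).isoformat()} FAIL user={u} src=198.51.100.23 asset=webmail"
       for i, u in enumerate(["carol", "dave", "erin", "frank", "grace", "heidi"])]  # spray
)

if __name__ == "__main__":
    found, dropped = analyze(SAMPLE_LOG)
    for a in found:
        print(f"[{a.severity}] {a.kind} from {a.src}: {a.users} ({a.reason})")
    for a in dropped:
        print(f"[suppressed] {a.src} {a.users}: {a.reason}")
```

On the constructed data this yields two alerts, a high-severity spray from the source with threat-intel history and a high-severity brute force against the critical VPN gateway, while the expired-password retries are reported as suppressed and alice's three mistakes followed by a successful login never cross the threshold. In production the thresholds and the expired-password list would come from the identity system rather than being hard-coded.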
