Brute Force Attack (BFA)
A brute force attack is an attack by trial and error: the attacker submits guess after guess until one succeeds.
Unlike many other attack tactics, brute force attacks target weak or predictable usernames and passwords rather than flaws in the application itself.
In a brute force attack the attacker tries username and password combinations in bulk, on the assumption that one of them will work, and so cracks the password. The goal is access to a restricted resource; once in, the attacker may steal sensitive information or plant malware on the site.
How Do Brute Force Attacks Work?
Attackers hold lists of real credentials exposed in earlier breaches and traded on the dark web, alongside lists of the most commonly chosen passwords. Automated bots replay these against login pages systematically and notify the attacker when a combination is accepted.
An account that repeatedly fails to log in is a likely sign of a brute force attack. Other indicators are:
- The same IP address failing to log in many times.
- Many different IP addresses failing to log into a single account.
- A burst of failed login attempts from various IP addresses within a short period of time.
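The three indicators above, checked over a handful of constructed auth-log lines, as an added example that is not part of the original article. The log format, the thresholds and the sample IP addresses are assumptions chosen for illustration; a real deployment would tune the thresholds to its normal login failure rate.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real traffic), one line per login attempt.
# 203.0.113.5 hammers alice; bob is hit from five sources in twenty seconds;
# carol mistypes once and then logs in normally.
SAMPLE_LOG = """\
2024-03-01T10:00:01 user=alice ip=203.0.113.5 result=fail
2024-03-01T10:00:02 user=alice ip=203.0.113.5 result=fail
2024-03-01T10:00:03 user=alice ip=203.0.113.5 result=fail
2024-03-01T10:00:04 user=alice ip=203.0.113.5 result=fail
2024-03-01T10:00:05 user=alice ip=203.0.113.5 result=fail
2024-03-01T10:00:06 user=alice ip=203.0.113.5 result=fail
2024-03-01T10:05:00 user=carol ip=192.0.2.10 result=fail
2024-03-01T10:05:10 user=carol ip=192.0.2.10 result=success
2024-03-01T10:30:00 user=bob ip=198.51.100.1 result=fail
2024-03-01T10:30:05 user=bob ip=198.51.100.2 result=fail
2024-03-01T10:30:10 user=bob ip=198.51.100.3 result=fail
2024-03-01T10:30:15 user=bob ip=198.51.100.4 result=fail
2024-03-01T10:30:20 user=bob ip=198.51.100.5 result=fail
"""

# Thresholds are assumptions for this example.
SAME_IP_FAILS = 5                    # one source failing this often
DISTINCT_IPS = 3                     # one account failing from this many sources
BURST_WINDOW = timedelta(seconds=60)
BURST_FAILS = 5                      # failures inside BURST_WINDOW from >= 2 IPs


def parse_log(text):
    """Turn the log text into a sorted list of (timestamp, user, ip, failed)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        events.append((datetime.fromisoformat(ts), kv["user"], kv["ip"],
                       kv["result"] != "success"))
    return sorted(events)


def failing_ips(events):
    """Indicator 1: the same IP address failing to log in many times."""
    fails = defaultdict(int)
    for _, _, ip, failed in events:
        if failed:
            fails[ip] += 1
    return {ip: n for ip, n in fails.items() if n >= SAME_IP_FAILS}


def targeted_accounts(events):
    """Indicator 2: many different IP addresses failing against one account."""
    sources = defaultdict(set)
    for _, user, ip, failed in events:
        if failed:
            sources[user].add(ip)
    return {u: len(s) for u, s in sources.items() if len(s) >= DISTINCT_IPS}


def failure_bursts(events):
    """Indicator 3: many failures from several IPs inside a short window."""
    fails = [e for e in events if e[3]]
    bursts, i = [], 0
    while i < len(fails):
        start = fails[i][0]
        window = [e for e in fails[i:] if e[0] - start <= BURST_WINDOW]
        ips = {e[2] for e in window}
        if len(window) >= BURST_FAILS and len(ips) >= 2:
            bursts.append({"start": start, "failures": len(window), "ips": len(ips)})
            i += len(window)         # do not re-report the same window
        else:
            i += 1
    return bursts


def analyze(text):
    events = parse_log(text)
    return {"ips": failing_ips(events),
            "accounts": targeted_accounts(events),
            "bursts": failure_bursts(events)}


if __name__ == "__main__":
    for name, hits in analyze(SAMPLE_LOG).items():
        print(name, hits)
```

Note that the six failures against alice trip the first indicator but not the third: they come from a single source, and the burst rule deliberately requires at least two IP addresses so that a distributed attack is told apart from one noisy client. Carol's single failure followed by a success matches none of the rules.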
Apart from birth dates and children's names, the most common entries in brute force password lists are runs of letters and digits that sit next to each other on the keyboard or in natural order, such as 123456, abc123, asdf and 123qwe. Such patterns can be generated mechanically, which is why they are tried first.
How to Avoid BFA?
Let’s see:
- Use long passwords that are hard to guess (20 characters or more are recommended), and do not build them from information that can be found about you on the Internet.
- Mix letters, symbols and numbers.
- Change the password periodically, and immediately if it may have been exposed. When changing it, do not reuse a slightly modified version of the old one, since hybrid attacks try exactly those variants.
- Use multi-factor authentication, so that a guessed password alone is not enough to log in.
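A checker that enforces the password rules above, as an added example that is not part of the original article. It rejects short passwords, a lack of character variety, entries from a common-password list, the keyboard and sequential runs described earlier, and personal details that could be found online. The minimum length, the run length, the keyboard rows and the common-password set are assumptions; a real list would come from published breach data.

```python
import string

MIN_LEN = 20    # the article's recommendation
RUN_LEN = 4     # assumption: 4 adjacent keys or consecutive characters count as a run

# Keyboard rows and natural orderings from which predictable runs are built.
SEQUENCES = ["qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890",
             string.ascii_lowercase]

# Constructed stand-in for a breached-password list.
COMMON_PASSWORDS = {"123456", "password", "abc123", "123qwe", "asdf",
                    "qwerty", "letmein", "111111"}


def keyboard_runs():
    """Every RUN_LEN-character slice of each sequence, forwards and backwards."""
    runs = set()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):
            for i in range(len(s) - RUN_LEN + 1):
                runs.add(s[i:i + RUN_LEN])
    return runs


KEYBOARD_RUNS = keyboard_runs()


def check_password(pw, personal=()):
    """Return the list of policy violations; an empty list means the password passes.

    `personal` holds strings an attacker could find online (a name, a birth
    year, a child's name) that must not appear anywhere in the password.
    """
    problems = []
    low = pw.lower()

    if len(pw) < MIN_LEN:
        problems.append(f"shorter than {MIN_LEN} characters")

    classes = (any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw),
               any(c in string.punctuation for c in pw))
    if sum(classes) < 3:
        problems.append("uses fewer than three of: lowercase, uppercase, digits, symbols")

    if low in COMMON_PASSWORDS:
        problems.append("appears in the common-password list")

    # Compare every RUN_LEN-character slice of the password with the run table.
    slices = {low[i:i + RUN_LEN] for i in range(len(low) - RUN_LEN + 1)}
    found = sorted(slices & KEYBOARD_RUNS)
    if found:
        problems.append("contains keyboard/sequential run(s): " + ", ".join(found))

    for item in personal:
        if item and item.lower() in low:
            problems.append(f"contains personal information: {item}")

    return problems


if __name__ == "__main__":
    for candidate in ("123456", "Alice1987!qwertyQwertyX",
                      "Glass!lantern7runs.under#Moon"):
        verdict = check_password(candidate, personal=("alice", "1987")) or "ok"
        print(candidate, "->", verdict)
```

The run check is case-insensitive and works on slices rather than whole words, so "Alice1987!qwertyQwertyX" is caught even though it is long and mixes four character classes: it contains qwer, wert and erty plus the name and year the attacker would try first. A run length of four keeps false positives low (three-character runs such as "def" occur inside ordinary words).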
Types of BFA
- Simple BFA tries every possible combination of characters in turn. It is guaranteed to find the password eventually, but the number of candidates grows exponentially with password length.
- Hybrid BFA starts from a word list and, instead of trying every string, applies small regular edits to each word: appending numbers or years, changing capitalisation, or swapping letters for look-alike digits.
- Dictionary BFA tries usernames and passwords drawn from a list of likely words, phrases and number patterns. It is the most common type of brute force attack, and common username/password pairs are tried as well.
- There are also rainbow table attacks (precomputed hash lookups run against stolen password hashes), reverse BFA (one common password tried against many usernames) and credential stuffing (username/password pairs from earlier breaches replayed against other sites).
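The simple, dictionary and hybrid variants above, run offline against a SHA-256 hash of a constructed target password, as an added example that is not part of the original article. The word list, the suffix list and the leet substitutions are assumptions standing in for real attack wordlists; the point is how many guesses each style needs and why the hybrid style exists.

```python
import hashlib
import itertools

WORDS = ["summer", "dragon", "welcome"]             # tiny stand-in dictionary
SUFFIXES = ["", "1", "123", "!", "2023", "2024", "2023!", "2024!"]
LEET = str.maketrans("aeios", "43105")              # a->4, e->3, i->1, o->0, s->5


def sha256_hex(s):
    """Unsalted fast hash: the cheapest possible target for an offline attack."""
    return hashlib.sha256(s.encode()).hexdigest()


def simple_keyspace(alphabet_size, max_len):
    """Candidates a simple brute force must cover for every length up to max_len."""
    return sum(alphabet_size ** n for n in range(1, max_len + 1))


def simple_candidates(alphabet, length):
    """Simple BFA: every string of the given length, in lexicographic order."""
    for chars in itertools.product(alphabet, repeat=length):
        yield "".join(chars)


def dictionary_candidates(words):
    """Dictionary BFA: the word list exactly as written."""
    yield from words


def hybrid_candidates(words):
    """Hybrid BFA: each word with case changes, leet swaps and common suffixes."""
    seen = set()
    for w in words:
        for base in (w, w.capitalize(), w.upper(), w.translate(LEET)):
            for suffix in SUFFIXES:
                cand = base + suffix
                if cand not in seen:            # leet form may equal the word itself
                    seen.add(cand)
                    yield cand


def crack(target_hash, candidates):
    """Offline attack: hash each guess and compare. Returns (match, attempts)."""
    attempts = 0
    for cand in candidates:
        attempts += 1
        if sha256_hex(cand) == target_hash:
            return cand, attempts
    return None, attempts


if __name__ == "__main__":
    target = sha256_hex("Summer2023!")              # constructed victim password
    print("dictionary:", crack(target, dictionary_candidates(WORDS)))
    print("hybrid:    ", crack(target, hybrid_candidates(WORDS)))
    pin = sha256_hex("042")                         # a 3-digit PIN falls to simple BFA
    print("simple:    ", crack(pin, simple_candidates("0123456789", 3)))
    print("simple keyspace, 11 printable ASCII chars:", simple_keyspace(94, 11))
```

The plain dictionary never finds "Summer2023!", the hybrid generator finds it on the fifteenth guess, and the simple enumeration finds the PIN on the forty-third. The last line shows why nobody runs the simple style against an 11-character password: its keyspace is on the order of 10^21 candidates. The same loop also shows what the defender controls: with a salted, deliberately slow password hash in place of SHA-256, every guess costs far more, and precomputed rainbow tables no longer apply because each salt would need its own table.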