So far we have covered the different types of attacks that use malware, Trojans, adware and so on. Now a small question: have you ever used the same password for most of your logins across sites? Are we too lazy to remember many passwords? Then our data is at risk. Never mind the same password: are we using simple passwords like “password”? Then go change your passwords right now!! Bots are ahead of us.
What is a Brute Force Attack?
It is a password attack that uses a trial-and-error method to guess or crack passwords, typically driven by a database of usernames and passwords. Such attacks are simple and reliable. This is an ancient but effective method that hackers still use today. As per the reports, 5% of the confirmed data breaches in 2017 occurred through brute force attacks. Automated machines, or bots, are employed to perform this kind of attack. If your password is “password”, then you are done in seconds!!
Types of Brute Force Attacks
- Simple Brute Force Attack: This is performed without any logic or prior data. The attacker simply tries numerous combinations of usernames and passwords until one works, given enough resources and time.
- Dictionary Attack: It is performed using dictionaries. A dictionary is a list of the most common usernames or passwords, stored as strings or phrases, that are used across websites.
- Hybrid Attack: It combines the dictionary and brute force approaches: each phrase in the dictionary is expanded into its possible variations by brute force.
- Reverse Brute Force Attack: As its name suggests, the attacker already has a user's password but not the username. In this case, that password is tried against the possible usernames from the dictionary. The password might have been obtained through a deceptive or social engineering attack or a man-in-the-middle attack.
- Rainbow table attack: It is a method of cracking that uses precomputed rainbow hash tables to recover passwords. Wooh! This is new. See the Neologism section at the end. It works for passwords of a certain length and a limited character set.
- Credential Stuffing: Remember the question about using the same password on multiple websites? Yes! If your credentials are leaked by some means, they can be used on other sites as well to extract much of your data. This is called credential stuffing.
Prevention:
- Do not use the same credentials for multiple websites.
- Do not use simple passwords that can be easily guessed.
- Use multi-factor authentication wherever possible.
- Programmers are advised to include a CAPTCHA when a login is performed, so that a brute force attack becomes harder to execute.
- Use lengthy passwords that include letters, numbers and special characters.
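On the server side, the prevention advice above is backed by two controls the list does not spell out: watching login logs for the patterns described earlier (many failures against one account, or one source trying many accounts, which is the credential stuffing signature) and slowing down repeated failures with a lockout or backoff. The following is an added example written for this post, not code from the original article; the log format, the field names (`user=`, `ip=`) and the sample lines are constructed here for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication log (not from any real system).
# One line per login attempt: timestamp, OK/FAIL, account name, source IP.
SAMPLE_LOG = """\
2017-06-01T10:00:01 FAIL user=alice ip=203.0.113.5
2017-06-01T10:00:02 FAIL user=alice ip=203.0.113.5
2017-06-01T10:00:03 FAIL user=alice ip=203.0.113.5
2017-06-01T10:00:04 FAIL user=alice ip=203.0.113.5
2017-06-01T10:00:05 FAIL user=alice ip=203.0.113.5
2017-06-01T10:00:06 FAIL user=alice ip=203.0.113.5
2017-06-01T10:00:07 FAIL user=bob ip=198.51.100.7
2017-06-01T10:00:08 FAIL user=carol ip=198.51.100.7
2017-06-01T10:00:09 FAIL user=dave ip=198.51.100.7
2017-06-01T10:00:10 FAIL user=erin ip=198.51.100.7
2017-06-01T10:00:11 OK user=frank ip=198.51.100.7
2017-06-01T10:00:12 FAIL user=grace ip=198.51.100.7
2017-06-01T10:00:13 FAIL user=heidi ip=198.51.100.7
2017-06-01T10:05:00 FAIL user=bob ip=192.0.2.9
2017-06-01T10:20:00 OK user=bob ip=192.0.2.9
"""

# Hypothetical line layout; adapt the regex to the real log source.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<result>OK|FAIL) user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)


def parse_log(text):
    """Turn the raw log text into a list of event dicts, skipping unparseable lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.fromisoformat(m["ts"]),
            "result": m["result"],
            "user": m["user"],
            "ip": m["ip"],
        })
    return events


def detect(events, window=timedelta(minutes=5), max_fail_per_user=5, max_users_per_ip=5):
    """Flag two patterns inside a sliding time window.

    brute_force: an account that collects max_fail_per_user or more failures
                 (from any source) within the window.
    credential_stuffing: one source IP that touches max_users_per_ip or more
                 distinct accounts within the window; successes count too,
                 because a success is exactly the case to investigate.
    """
    fails_by_user = defaultdict(list)   # user -> timestamps of recent failures
    seen_by_ip = defaultdict(list)      # ip -> (timestamp, user) of recent attempts
    brute, stuffing = set(), set()
    for e in events:
        if e["result"] == "FAIL":
            recent = [t for t in fails_by_user[e["user"]] if e["ts"] - t <= window]
            recent.append(e["ts"])
            fails_by_user[e["user"]] = recent
            if len(recent) >= max_fail_per_user:
                brute.add(e["user"])
        recent = [(t, u) for t, u in seen_by_ip[e["ip"]] if e["ts"] - t <= window]
        recent.append((e["ts"], e["user"]))
        seen_by_ip[e["ip"]] = recent
        if len({u for _, u in recent}) >= max_users_per_ip:
            stuffing.add(e["ip"])
    return {"brute_force": sorted(brute), "credential_stuffing": sorted(stuffing)}


def backoff_seconds(consecutive_failures, threshold=3, base=30, cap=3600):
    """Delay to impose before the next attempt on an account.

    Nothing until `threshold` consecutive failures, then doubling from `base`
    seconds up to `cap`. This makes a bot's guess rate collapse while a
    legitimate user who mistypes a few times barely notices.
    """
    if consecutive_failures < threshold:
        return 0
    return min(base * 2 ** (consecutive_failures - threshold), cap)


if __name__ == "__main__":
    print(detect(parse_log(SAMPLE_LOG)))
    # -> {'brute_force': ['alice'], 'credential_stuffing': ['198.51.100.7']}
```

The thresholds are deliberately conservative constants; in a real deployment they should be tuned per application and the backoff applied per account (and ideally per source address), so that an attacker cannot lock a victim out simply by spraying failures at their username.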
Neologism:
Rainbow tables: It is not as cool and beautiful as a rainbow!! As we know, our passwords play an important role in authentication. So, when a user creates an account, his/her password is stored in the database as a hash. Whenever the user attempts to log in, the entered password is hashed and the result is compared to the hash stored in the database. A rainbow table is a precomputed database that maps hashes back to their corresponding plain texts.
So, when a hacker obtains a rainbow table for the hash function used to store the passwords, he can use it to look up and crack the passwords in the storage without guessing them one by one.
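To make the rainbow table idea concrete, here is an added example (written for this post, not taken from the original article) that builds a plain precomputed hash-to-plaintext table over a small constructed wordlist and shows why it works against unsalted hashes and fails against salted ones. A real rainbow table stores hash chains instead of every pair to save space, but the lookup step it enables is the same. The wordlist and the use of SHA-256 and PBKDF2 are this example's own choices, not something the post specifies.

```python
import hashlib
import hmac
import os

# Constructed toy wordlist standing in for a leaked password dictionary (not real data).
WORDLIST = ["password", "123456", "qwerty", "letmein", "iloveyou", "welcome"]


def hash_unsalted(password):
    """The weak storage scheme: the same password always yields the same hash."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_lookup_table(words):
    """Precompute hash -> plaintext once. This is the attacker's investment; after
    it is paid, every stolen unsalted hash of a dictionary word is a single lookup."""
    return {hash_unsalted(w): w for w in words}


def crack_with_table(table, stolen_hash):
    """Return the plaintext for a stolen hash, or None when the table has no entry."""
    return table.get(stolen_hash)


def hash_salted(password, salt=None):
    """The defended scheme: a random per-user salt is mixed in and stored alongside
    the digest, and PBKDF2 with many iterations makes each guess expensive."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt.hex() + "$" + digest.hex()


def verify_salted(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, _ = stored.split("$")
    candidate = hash_salted(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, stored)


def demo():
    table = build_lookup_table(WORDLIST)
    # Unsalted storage: the precomputed table recovers the password immediately.
    cracked = crack_with_table(table, hash_unsalted("letmein"))        # "letmein"
    # Salted storage: the digest depends on the salt, so the table never matches,
    # and two users with the same password get two different stored values.
    stored = hash_salted("letmein")
    miss = crack_with_table(table, stored.split("$")[1])               # None
    return cracked, miss


if __name__ == "__main__":
    print(demo())  # -> ('letmein', None)
```

The point for defenders is in the last two lines of `demo`: once every user has a distinct random salt, a table built in advance is useless, and the attacker is pushed back to per-user guessing, which the iteration count of PBKDF2 (or a purpose-built password hash such as bcrypt, scrypt or Argon2) makes slow.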
Stay updated and connected for more! Have a happy and healthy learning!
Stay safe and Spread Knowledge!