One of the least advanced but most successful techniques used by hackers to break into a network, a brute force attack is achieved by employing a trial-and-error method of entering different username and password combinations with an automated tool or bot until access is granted. Once they've infiltrated the network, hackers steal data, install malware, or even shut the system down.
Credential stuffing: Attackers use known credentials such as email addresses and passwords that have been previously leaked in breaches from other organizations to log in to the network. Since users tend to reuse the same credentials in different services or applications, this mode is often successful.
Reverse brute force attack: In this type of attack, the hacker tries a commonly used password and attempts to log in with different usernames.
Dictionary attack: In this attack, the hacker will enter phrases or well-known words in the dictionary as passwords. These are usually words like "password," "admin," or "welcome."
Here are some well-known brute force attacks that have happened in the past few years:
In April 2013, WordPress was the target of brute force attacks from 90,000 IP addresses. The attackers attempted to access admin accounts by keying in different weak passwords. Users were asked to refrain from using weak passwords and to set up robust passwords instead.
In 2013, GitHub became a victim of a brute force attack. The hackers used 40,000 unique IP addresses to force their way into accounts with weak passwords or passwords used in more than one account. After the attack, GitHub took steps to ban weak passwords for all accounts by enforcing more robust password requirements.
In 2015, Alibaba's e-commerce platform TaoBao suffered a massive brute force attack. Hackers accessed around 99 million credentials leaked from another breach, and about 21 million accounts were affected in this breach due to users generally using the same credentials for different accounts.
Subscribe to our digest to get your weekly dose of cyber security updates straight to your inbox.
You will receive weekly cybersecurity news soon!
© 2019 Zoho Corporation Pvt. Ltd. All rights reserved.