Kris Kilgard, Division President of Locknet Managed IT.

What are brute-force attacks?

The name “brute force” comes from attackers using excessively forceful attempts to gain access to user accounts. Despite being an older cyberattack method, brute-force attacks remain a popular tactic with hackers.

In its simplest form, a brute-force attack uses trial and error to combine different variations of symbols or words until the correct password is guessed. While this isn’t the most efficient type of attack for hackers, it can still work for them to gain access. Don’t think about it as one person poking on a keyboard to come up with new password combinations. Instead, with specialized software, hackers can automatically attempt millions of passwords per second.

Once a hacker forces their way in, they will use their access to exploit digital advertising, steal data, hold data ransom, spread malware, or hijack systems.

Types of brute-force attacks

  • Knowledge Based – This is also called a simple brute-force attack. An attacker will guess a user’s password by entering a combination of values using known information about the targeted user. This is done without additional software and can be done with information about the targeted user found online or from a social engineering attack. These attacks are “simple” because many people still use weak passwords, such as “password 1234” or have poor password practices, such as using the same password for multiple websites.
  • Dictionary – This is a basic form of brute-force hacking in which the attacker selects a target, then tests possible passwords against that individual’s username. It’s called a “dictionary attack” because hackers run through dictionaries and amend words with special characters and numbers, utilizing common passwords downloaded from the internet.
  • Hybrid – A hybrid attack uses a combination of simple and dictionary methods. Attackers combine their knowledge about the targeted user with dictionary words and phrases. This method uses private information such as the user’s birthday combined with a common or popular word.
  • Credential Stuffing – This type of attack also preys on users’ weak password practices. Users often use the same passwords across several sites. An attacker who gains access to user passwords on one site will try the same ones on other sites, accounts, or social media profiles.
  • Reverse Brute Force – This method takes a known password, usually discovered through a network breach, and automatically submits it to an application until a username is found. Attackers who use this method often download a list of stolen passwords from the dark web and apply them to user accounts to find a credential match.

How to prevent brute-force attacks

Several strategies are available to prevent and detect brute force attacks. They are focused primarily on having better password practices in your workplace.

  • Use Lengthy and Complex Passwords – A strong rule of thumb is that passwords should be 15 to 64 characters in length and include capital and lowercase letters, symbols, and numbers. Use multiple word passphrases to prevent attackers from succeeding with simple dictionary attacks. And always use unique passwords for every account.
  • Two Factor Authentication – Should an attacker successfully brute force a password, having two factor authentication would stop successful authentication on the account.
  • Limit the Number of Failed Login Attempts – Limiting the number of times a user can re-enter their password credentials reduces the success rate of brute-force attacks by stopping the hacker from repeatedly testing username and password combinations.
  • Require CAPTCHA – Adding a CAPTCHA box to the login process can prevent an attacker from using bots to brute force their way into a user account or business network. CAPTCHA options include typing text images that appear on the screen, checking multiple image boxes, and identifying objects that appear.
  • Educate Employees – Make sure users in your organization understand the potential ramifications of a brute-force attack and why security measures and good password practices are important.

Improving your password practices

The likelihood of a brute-force attack succeeding increases significantly when the attacker can submit unlimited guesses, when weak passwords are permissible, and when additional challenges are not required to complete a login. The team at Locknet Managed IT has multiple avenues to help with your password security. Download their Desktop Guide to Strong Passwords to get started. Then, work with their team to layer on additional services like multi-factor authentication, password manager, and security awareness training for your employees. Contact the team at Locknet to learn more.

Business Man Happy After Working on Finances With Platinum Bank

Corporate account takeover. Phishing scams. Wire fraud. These are just a few of the cyber security threats businesses face every day. The consequences of a breech can be substantial, with recent reporting showing an average median cost of $30,000, while larger organizations have faced losses in the millions.

With these threats on the rise, it is more important than ever to protect your business against cyberattacks. At Platinum Bank, we have multiple products and processes in place to protect our clients’ data. Here are some steps you can take to protect your assets.

Banking Products That Protect against Cyber Security Threats

ACH Filter

An ACH filter prevents unauthorized debits from leaving your accounts. When you set up an ACH Filter, you create a list of pre-approved debits and credits. If any requested debits or credits fall outside this range, you are notified that your permission is required to proceed. That way, you have complete control over the money leaving your accounts. 

Positive Pay

Positive pay is a sister product to ACH filter. It works in the same way, but for written checks. You provide your bank with an approved list of checks to go out each month. If any activity falls outside the approved items, you make the determination if it should be paid or declined.

Out-of-Band Authorization for Wire Fraud Prevention

Out-of-band authorization protects your accounts against wire fraud. If your bank receives a request for wire funds transfer, out-of-band authorization requires the bank to confirm the transfer with you. They must contact you with the phone number on your bank account rather than any number provided in the wire transfer request. 

Processes and Policies That Protect against Cyber Security Threats

Multifactor Authentication

Multifactor authentication, also known as two-factor authentication, is an increasingly popular tool for protecting banking and other sensitive online accounts.

When you use multifactor authentication to access your online accounts, you will complete an extra step between logging in and accessing your data. Once you’ve provided your username and password, the system will send a verification code to you by email, text, or through an authenticator app. You need to enter that code to access your online accounts. Since it requires access to a separate account or a physical device, multifactor authentication provides very strong protection against cyber threats, so it is ideal to activate it whenever possible. 

Upgrade Passwords to Passphrases

When it comes to passwords, the longer and more complicated, the better. That is why many cyber security experts recommend upgrading passwords to passphrases. A good passphrase is long but easy for you to remember. The length will make it more difficult to bad actors to hack it.

Use a Password Manager

Another option is to use a password manager to randomize your passwords. These apps allow you to manage all of your passwords for all of your online accounts from a single dashboard. The manager can assign unique passwords made up of random letters, numbers, and symbols to your accounts. If you use a password manager, it is very important that you secure the manager with a strong passphrase and multifactor authentication. 

Perform Regular Cyber Security Audits

Annual outsourced audits of cyber security protocols are important components of any business’s cyber security plan. Many IT companies offer cyber security audits, where they run tests on security measures and even test employee compliance with cyber security policies.

How Platinum Bank Protects Banking Customers

Platinum Bank offers ACH Filter, Positive Pay, and out-of-band wire fraud protection to our clients. Internally, we implement and continuously improve on our own cyber security program, which includes automated processes to flag suspicious activity, dual controls for wire requests, and a multilayered security program. Our staff regularly participates in cyber security training to combat phishing attacks and other cyber threats.

At Platinum Bank, we are committed to keeping our clients’ data safe. Get in touch with us today to help ensure your business is protected.