The aim of this PPT is to provide comprehensive information on the cyber attack called Brute Force Attack, including but not limited to its aim, its types and the measures that need to be taken to keep such a cyber attack at bay.
2. Table of Contents
Websites and Web Hosting Service Providers
Brute Force Attack
Hackers’ Gain through Brute Force Attack
Aim of Brute Force Attack
Brute Force Attack Tools
Automated Tools’ Features for Brute Force Attacks
Types of Brute Force Attack
Simple Brute Force Attacks
Dictionary attacks
Hybrid Brute Force Attacks
Reverse Brute Force Attacks
Credential Stuffing
Protection against Brute Force Attacks
Conclusion
3. Websites and Web Hosting Companies
We live in a world where the Internet has become an integral part of our day-to-day lives. Each day we visit many websites, but most of us don’t know how these websites are made accessible to us. Every website that we visit is hosted on the web server of a web hosting company. These web hosting companies, which are also called web hosts, are responsible for leasing server space to various website owners, along with providing the services and technologies that a website needs in order to be accessible over the Internet for online viewing.
When one refers to the “Best Windows Hosting Company” or to a “Cloud Hosting Company” or even to “Website Hosting Companies in India” or abroad, one is essentially referring to these website hosting service providers.
4. Brute Force Attack
It is a cryptographic hack that uses a trial-and-error method to guess login information or encryption keys and/or to find a hidden web page. It is also known as an exhaustive search. In it, the hacker tries to unearth the right password by guessing all possible combinations of the targeted password. Such cyber attacks are called Brute Force Attacks because they are carried out using brute force, i.e. forceful attempts are made excessively to hack the account. The amount of time needed to hack an account can range from a few seconds to years, depending on the complexity of the targeted password. Hence, it can be time consuming and difficult to execute if a data obfuscation method is used. Despite being an old method, it is effective and popular with hackers even now. Hence, to avert it, it is advisable to make use of a strong password policy.
5. Hackers’ Gain through Brute Force Attack
Despite the effort that goes into it, hackers benefit in the following ways from a Brute Force Attack:
Hijacking the targeted system for malicious activity
Stealing personal data and important information
Profiting from advertisements and/or collected data of activities
Spreading malware to cause disruptions
Ruining the targeted website’s reputation
7. Aim of Brute Force Attack
It aims to fulfil the following purposes, which are mentioned in no particular order:
To steal personal information, such as passwords, passphrases and other confidential information
To redirect domains to sites holding malicious content
To harvest credentials and then sell those to third parties
To spread fake content or send phishing links by posing as users
To damage the reputation of the targeted organization
8. Brute Force Attack Tools
In this type of cyber attack, the attacker has at his disposal automated software that uses computing power to systematically check various password combinations until the correct one is found. To fulfil this purpose, a brute force password cracking application is required. Such an application uses rapid-fire guessing, which creates every possible password and attempts to use it. This kind of software can provide a single dictionary word password within a second.
Some of the popular tools for it are mentioned below:
John the Ripper
Aircrack-ng
RainbowCrack
L0phtCrack
9. Automated Tools’ Features for Brute Force Attacks
These tools have in-built programs that aid in Brute Force Attacks in the following ways:
Allow hackers to crack wireless modems
Decrypt passwords that are in encrypted storage
Translate words and run all possible combinations of characters
Work against many computer protocols, such as FTP, SMTP, MySQL and Telnet
Identify weak passwords
Execute dictionary attacks
10. Types of Brute Force Attack
Each of the Brute Force Attacks mentioned below uses a different method to find confidential data. These types of brute force attacks are mentioned below, in no particular order.
Simple Brute Force Attacks
Dictionary Attacks
Hybrid Brute Force Attacks
Reverse Brute Force Attacks
Credential Stuffing
In the following slides the above-mentioned brute force attacks are explained in brief.
11. Simple Brute Force Attacks
In it, hackers attempt to logically guess the user’s credentials. It doesn’t take the help of software tools or other means. Extremely simple passwords and PINs can be unearthed in this way.
12. Dictionary Attacks
When a hacker chooses a target and runs a list of possible passwords
against that username, it is known as a dictionary attack. Dictionary
attacks are the most basic form of brute force attacks. Despite being
cumbersome, these are used very frequently as an important tool for
discovering passwords.
13. Hybrid Brute Force Attacks
In this kind of hacking, a hacker combines outside aids with his guesswork in an attempt
to make the cyber attack successful. As the name suggests, it is hybrid in form and
usually makes use of dictionary and brute force attacks. This kind of a cyber attack is
used to unearth passwords that combine common words with random characters.
14. Reverse Brute Force Attacks
In a reverse brute force attack, the attack strategy is reversed by starting with a known
password. Next, the hackers search numerous usernames, until a match is found. Most
of these cyber criminals start with leaked passwords, which are available online due to
past data breaches.
15. Credential Stuffing
This kind of brute force attack happens when a known username and password pair is
used by the hacker to gain access to other websites and network resources. To avoid
becoming a victim of it, precautions should be taken, such as using two-factor
authentication and using different passwords for different network resources.
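The attack types on slides 12 to 15 leave different shapes in failed-login records, which a defender can use for detection. The following is an added example, not part of the original slides; the event tuples, thresholds and label names are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample events: (source_ip, username, login_succeeded)
EVENTS = (
    [("203.0.113.10", "admin", False)] * 6                      # one account, many guesses
    + [("198.51.100.7", f"user{i}", False) for i in range(6)]   # many accounts, one guess each
    + [("192.0.2.5", "alice", False), ("192.0.2.5", "alice", True)]  # ordinary typo
)

def classify_sources(events, min_failures=5, dominance=0.8):
    """Label each source IP by the shape of its failed logins.

    Thresholds are illustrative assumptions; tune them to real traffic.
    """
    failures = defaultdict(Counter)
    for ip, user, ok in events:
        if not ok:
            failures[ip][user] += 1

    findings = {}
    for ip, per_user in failures.items():
        total = sum(per_user.values())
        if total < min_failures:
            continue  # too few failures to treat as an attack
        top_user, top_count = per_user.most_common(1)[0]
        if top_count / total >= dominance:
            # Dictionary or simple brute force: many passwords, one username.
            findings[ip] = ("one-account-many-guesses", top_user)
        elif len(per_user) / total >= dominance:
            # Reverse brute force or credential stuffing: many usernames,
            # about one guess each. Failure logs alone cannot tell them apart.
            findings[ip] = ("many-accounts-few-guesses", len(per_user))
        else:
            findings[ip] = ("mixed", len(per_user))
    return findings

if __name__ == "__main__":
    for ip, finding in classify_sources(EVENTS).items():
        print(ip, finding)
```

A per-account failure counter alone never fires on the second pattern, because each account sees only one bad attempt.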
16. Protection against Brute Force Attacks
The following measures can ensure considerable protection against brute force attacks:
Implementing captcha
Increasing password complexity
Increasing password length
Using multi-factor authentication
Limiting login attempts
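One way to implement "Limiting login attempts" is a sliding-window counter kept both per account and per source address, so that it also slows guessing spread across many usernames. This is an added example, not part of the original slides; the class name, limits and window length are assumptions.

```python
import time
from collections import deque

class LoginThrottle:
    """Sliding-window limit on failed logins, per account and per source IP."""

    def __init__(self, max_per_account=5, max_per_source=20, window=900,
                 clock=time.monotonic):
        self.limits = {"account": max_per_account, "source": max_per_source}
        self.window = window          # seconds a failure counts against the limit
        self.clock = clock            # injectable so the window can be tested
        self.failures = {"account": {}, "source": {}}

    def _count(self, kind, key):
        """Number of failures for this key that are still inside the window."""
        q = self.failures[kind].get(key)
        if not q:
            return 0
        cutoff = self.clock() - self.window
        while q and q[0] <= cutoff:
            q.popleft()               # drop failures that have aged out
        return len(q)

    def allowed(self, username, source_ip):
        """Call before checking the password; False means reject or delay."""
        return (self._count("account", username.lower()) < self.limits["account"]
                and self._count("source", source_ip) < self.limits["source"])

    def record_failure(self, username, source_ip):
        now = self.clock()
        self.failures["account"].setdefault(username.lower(), deque()).append(now)
        self.failures["source"].setdefault(source_ip, deque()).append(now)

    def record_success(self, username):
        # A successful login clears the account counter, not the source
        # counter, so one valid account cannot reset a noisy source.
        self.failures["account"].pop(username.lower(), None)
```

The counters live in process memory here; a deployment with several web servers would keep them in a shared store.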
17. Conclusion
A brute force attack, which is also known as brute force cracking, is one
of the many cybercrimes that endanger the security of one’s
confidential data, such as usernames and passwords. Hence, it becomes
extremely crucial to take every precaution to keep at bay as well as foil
these kinds of cyber attacks.