Brute Force | Intel 471 Skip to content

Brute Force

A credential attack method used to crack the username and password of accounts through repeated trial and error.
Homepage slide 1
6 Brute Force

Brute force attacks are attempts by attackers to guess passwords using trial and error. They can be used in combination with dictionary attacks, rainbow table attacks, and social engineering attacks.

A brute force attack is usually carried out by an attacker who wants to gain unauthorized access to an account. Brute force attacks often work because the targeted account has weak passwords. For the attack to be successful, the attacker needs to try every combination of letters, numbers, or symbols.

If the attacker succeeds, they gain access to the account and can steal information or change settings.

How do Hackers use Passwords in Brute Force Attacks?

Password cracking is the process of trying different combinations of characters to guess the password used to protect something. For example, if you have a password-protected file on your computer, you could try all possible combinations of letters, numbers, and symbols to see if any of them work. If none do, you know that the password is probably not a simple combination of letters and numbers.

Common Types of Brute Force Attacks

The most common types of brute force tools include dictionary attacks, rainbow table attacks, and hybrid attacks. Dictionary attacks work by trying every word combination in an account's password field. Rainbow tables contain pre-compiled lists of words and phrases commonly found in usernames and passwords. Hybrid attacks combine both methods.

DICTIONARY ATTACKS

A dictionary attack uses a list of frequently used words to try different combinations of letters within a username/password pair. The attacker tries one character at a time, checking whether any matches exist in the target system. If successful, the attacker has gained entry to the targeted network.

RAINBOW ATTACKS

Rainbow tables look for patterns in the characters entered by users. Instead of simply matching individual characters, rainbow tables match entire strings of text. These tables store previously cracked passwords along with other useful information about how often particular passwords were chosen. When a new login attempt is made, the attacker compares the current input string to entries stored in the table. If a match exists, the attacker knows the password was successfully guessed.

HYBRID ATTACKS

Hybrid attacks combine elements from both dictionary and rainbow table attacks. They start by attempting to guess a single character based on a known pattern. Once this initial guess fails, the attacker moves onto another character, again looking up possible values in the table. If the attacker continues making guesses, he will eventually find a valid password.

How Can You Protect Your Computers from a Brute Force Attacker?

To protect computers from brute force attacks, employees should use strong passwords that are difficult for others to guess.

Some key concepts for your business should include:

  • Monitor the cybercriminal underground for stolen organizational email addresses and passwords.

  • Encourage employees to use strong passwords and avoid common, simple passwords.

  • Keeping all business device operating systems up to date, as well as ensuring these have the latest security patches and updates.

  • Organization utilizes:
    • Antivirus software that protects your computer from viruses and other malicious software.

    • Password management software that allows end users to create, store, organize, and manage passwords in one place.

    • Two-Factor Authentication

    • Encryption

    • Firewall

    • VPN

All in all, it's important to remember that no single method will be 100 percent effective at protecting your company from a successful brute-force attack. The best defense is a combination of all methods, including good practices like those listed above.