Stronger and more frequent brute force attacks are now the norm

The number and intensity of brute force attacks – such as those which targeted the UK and Scottish Parliaments last year – have increased dramatically over the first half of this year, according to new research from leading cybersecurity specialist Foregenix.

Its analysis of data from more than 500 websites globally shows that, apart from a dip in February, large-scale attacks have followed an upward trend over the first half of the year. May and June registered four attacks daily while the previous three months never recorded more than one attack a day.

The intensity of attacks also stepped up: the number of very large brute force attacks – defined as more than 30,000 malicious requests in a 10-minute period – ended on an unprecedented high of over 1.5 attacks daily, after starting the year at half that level.

Frequency of attacks

Figure: daily frequency of cyber attacks (vertical axis) by month, from 1 January 2018 to 22 June 2018 (horizontal axis).

In a brute force attack, cybercriminals use automated software such as botnets to make multiple guesses about possible passwords to gain access to data or personal details.

Benjamin Hosack, Chief Commercial Officer at Foregenix, commented: “Brute force attacks were once an occasional occurrence – typically we would see around one every three months or so. This data confirms what we are seeing on the ground. There is a very clear upward trend, not only in the frequency but also the intensity. Automated massive attacks are now the norm.

“Hackers are targeting organisations of all types in the public and private sectors. Smaller firms are seen as prime targets as their servers are often more vulnerable and, once breached, they can be used to launch new automated attacks that appear to come from a legitimate source.”

Strengthening defences

Hosack recommends that organisations strengthen their defences, for example by enforcing complex passwords, using challenge-response tests such as solving a simple math problem, and locking accounts if a password is entered incorrectly on a specific number of attempts.

“There’s little reason to believe the trend will be reversed. The difficulty in catching the cybercriminals, the ease with which they can launch attacks and weak cyber defences, especially in growth areas like the Internet of Things, mean brute force attacks are a long-term issue,” continued Foregenix CEO Andrew Henwood.

“Organisations need to take action to safeguard valuable data. Following straightforward security procedures can avert a serious incident that could have a devastating impact on a business.”

Written by Foregenix