‘Brute force’ cybercrime threat
In 2017, both the UK and Scottish Parliaments fell victim to so-called ‘brute-force attacks’.
One year later, a similar but unsuccessful attack occurred in the Northern Irish Assembly. And this year, Hong Kong’s Cathay Pacific suffered a brute-force attack and was fined £500,000 by the UK’s data regulator for lacking sufficient preventative measures. The ad-blocking service AdGuard also forced a password reset on all its users after suffering a brute-force attack.
According to Verizon’s 2020 Data Breach Investigations Report, hacking, which includes brute forcing passwords, remains the primary attack vector. More than 80 per cent of breaches caused by hacking involve brute force or the use of lost or stolen credentials.
“For months now, we have heard about the increasing number of phishing emails attempting to take advantage of people’s fears amid the pandemic. Now, a growing number of brute-force attacks is threatening business networks around the globe,” said NordVPN Teams, the cloud-based virtual private network service for business.
A brute-force attack (also known as brute-force cracking) is a method of trying every possible password until the right one is found. The name reflects the approach: attackers make an excessive number of forceful attempts to ‘force’ their way into private accounts. The method is old, but still effective and popular with hackers. Gaining access to a valid account can mean compromising the entire site, which bad actors can then use as part of their network of compromised websites.
“Unlike many other tactics used by bad actors, brute-force attacks don’t rely on vulnerabilities within websites. Instead, they rely on users having weak or guessable credentials. The simplicity and number of potential targets make brute-force attacks very popular,” says Juta Gurinaviciute, chief technology officer at NordVPN Teams.
Brute-force attacks are often used to target devices on remote networks to obtain personal information, such as passwords, passphrases, usernames, personal identification numbers (PINs), and emails. Hackers will then attempt to profit from the access by spamming, distributing malware, or phishing unsuspecting victims.
“There is little finesse involved in a brute-force attack, so attackers can run several attacks in parallel to increase their chances of success,” added Ms Gurinaviciute.
With the rise of remote working due to Covid-19, many brute-force attacks have been attempting to exploit the Windows remote desktop protocol (RDP), used by network administrators to remotely manage Windows systems.
According to Kaspersky’s observations, China, Italy, the US, Spain, Germany, France and Russia have all clearly seen an increase in the number of RDP brute-force attacks since mid-March this year. For example, the number of attacks in the US amounted to around 200,000 before the pandemic and surpassed 800,000 in mid-March. In April, it reached 1.4 million.
“It comes as no surprise that bad actors now direct brute-force attacks towards individuals,” said Ms Gurinaviciute. “Users working from home don’t have the extra layers of protection provided by their offices or enterprise systems, making them much easier targets. Many users also choose weak passwords, which are relatively easy to compromise using simple brute-force techniques.”
She added that some attacks can take weeks or even months to provide anything usable.
Vincentas Grinius, chief executive officer at the network infrastructure solutions provider Heficed, says the Covid-19 crisis has undoubtedly increased vulnerabilities that “cybercriminals aim to exploit”.
Interpol recently reported that all around the world, corporations, governments and other critical infrastructures continue to suffer from malicious agents using phishing, social engineering, ransomware and other scamming tactics. For example, the World Health Organisation has seen a five-fold rise in digital attacks targeting its staff and the public at large.
Mr Grinius says the spike in cyber attacks is “unequivocally linked to the pandemic”.
“The current events have created a new set of opportunities for cybercriminals,” he said. “Hackers have been exploiting increased dependency on solid network infrastructures and exposed their shortcomings that previously may have been set aside.
“The market is still experiencing quite an aftershock of the first Covid-19 wave, and until the dust settles down it is unlikely that scammers will stop searching for weak spots to take advantage of.”
Mr Grinius added: “A crisis like this increases distress and vulnerability, which cybercriminals aim to exploit.
“As hackers are getting more sophisticated, we must also become more inventive, predictive and adaptive. It is the online community’s imperative to ensure people’s security and understand that what happens on the internet often translates into the real world.”