
DDoS and Brute Force Attacks. Do This To Stay Safe


Last Updated on March 18, 2021 by Calvin C.

Cybercriminals break into password-protected systems using various methods, one of which is a brute force attack. In this article we shed light on DDoS and brute force attacks.

In addition, we look at ways to stop these types of attacks so as to prevent catastrophic data breaches.

Background of DDoS and Brute Force Attacks

Every year, reports of these attacks surface in the news and companies that are unprepared lose data to cybercriminals.

According to Kaspersky, the highest number of brute force attacks took place in Italy in March 2020, where 978,808 cases were recorded.


Brute force attack

A brute force attack is when a cyber-attacker tries every possible password or passphrase combination, usually using a bot or script, until the correct one is found.

The purpose of a brute force attack is to gain entry into the targeted system that is protected by a password or passphrase.

Every possible combination is calculated and tested to see if it’s the correct password or passphrase.

As the length of the password increases, the amount of time and computational power needed to carry out the attack rises exponentially.

Types of brute force attacks:

  • Simple brute force attack
  • Dictionary attack
  • Reverse brute force attack
  • Hybrid brute force attack
  • Credential Stuffing

Simple brute force attack

The simplest form of brute force attack is when a systematic approach is used to guess the password, usually without use of software or tools.

For example, for a 4-digit password the attacker begins with 0000, 0001, 0002, etc., until the correct password is found.

This type of brute force attack is limited to short passwords as opposed to long, complex passwords.

Dictionary attack

In this technique attackers use special software to guess the correct password by systematically trying every possible word in the dictionary.

This has now evolved to using a wordlist of potential passwords obtained from previous breaches.

Cracking software that can generate lists of common passwords and their variations is also used by cybercriminals.

It is often successful because people usually make small changes to an existing password for easy memorization.

One way to protect yourself from a dictionary attack is to use a password manager.

This generates a random combination of more than 15 characters, making it very difficult for cracking software to guess the correct password.


Reverse brute force attack

It is also called a password-spray attack.

A reverse brute force attack doesn’t target a single victim but is mounted against many users at once.

In this case, instead of going through many potential passwords to find one that unlocks a protected system, the attacker goes through many protected systems to find one that is unlocked by a particular password.

The password or passphrase stays constant in this case, and the process continues until a username that it unlocks is found.

Check out the common passwords compiled by NordPass. These are perfect for carrying out a reverse brute force attack.
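Because a reverse brute force (password-spray) source tries each account only once or twice, counters kept per account never trip; the failures have to be grouped by source instead. The following is an added example, not code from the original article, that labels each source IP in a list of failed logins. The event format, the sample events and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed failed-login events: (epoch_seconds, source_ip, username).
# 198.51.100.7 hammers one account; 203.0.113.9 tries each account once.
SAMPLE_EVENTS = (
    [(1000 + i, "198.51.100.7", "alice") for i in range(12)]
    + [(1000 + i * 5, "203.0.113.9", f"user{i:02d}") for i in range(15)]
    + [(1010, "192.0.2.44", "bob"), (1300, "192.0.2.44", "bob")]
)


def classify_sources(events, window=600, max_per_account=10, max_accounts=10):
    """Label each source IP by the shape of its failures inside one window.

    Thresholds are illustrative assumptions; tune them to real traffic.
    """
    by_ip = defaultdict(list)
    for ts, ip, user in events:
        by_ip[ip].append((ts, user))

    verdicts = {}
    for ip, rows in by_ip.items():
        rows.sort()
        verdict = "normal"
        start = 0
        for end in range(len(rows)):
            # Move the window start forward until it spans <= `window` seconds.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            per_user = defaultdict(int)
            for _, user in rows[start:end + 1]:
                per_user[user] += 1
            if len(per_user) >= max_accounts:
                verdict = "password-spray"   # many accounts, few tries each
                break
            if max(per_user.values()) >= max_per_account:
                verdict = "brute-force"      # many tries at a single account
                break
        verdicts[ip] = verdict
    return verdicts
```

Shrinking the window hides a slow spray: with `window=20` the same 203.0.113.9 events are labelled normal, which is why spray detection needs a longer look-back than per-account lockout does.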

Hybrid brute force attack

This type of attack combines two or more methods to execute the attack, usually a simple brute force attack and a dictionary attack.

An attempt to breach a system is made with common passwords, which are then modified to include variations of these passwords.

In another instance, credential stuffing is combined with a dictionary attack to maximize the chances of getting a successful login.

Credential stuffing

In credential stuffing, the cybercriminal obtains a large number of login details, usually from a previous security breach.

These details include email addresses or usernames and the corresponding passwords.

Software is then used to automatically attempt to gain unauthorized access using these credentials at a large scale.

Reuse of the same username and password is bad practice but unfortunately it’s common.

The attacker relies on a database of stolen credentials to gain access into systems or accounts with this method. 

Zoom had such an attack in 2020 after cybercriminals got hold of more than 500,000 passwords and these were listed for sale on the dark web.

One simple way to prevent this type of attack is to change your password regularly and avoid reusing old passwords.

Preventing brute force attack

There are straightforward measures that can be taken to stop most brute force attacks.

These include:

  • Use of a strong password. By now you SHOULD be using a password manager.
  • Limiting the number of login attempts
  • Time delays for each successive wrong login attempt
  • Using a more complex reCAPTCHA
  • Use of a verification code sent to phone or email (2-factor authentication)
  • Locking an account after a certain number of failed logins
  • Blocking suspicious IP addresses
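Three of the measures above (limiting attempts, a growing delay after each wrong attempt, and locking the account) can be combined in one small component. The following is an added example, not code from the original article; the class name, the delay values and the `password_ok` stand-in for real credential checking are assumptions.

```python
import time


class LoginThrottle:
    """Per-account failure tracking: growing delay, then temporary lockout.

    base_delay, max_failures and lockout_seconds are illustrative values.
    """

    def __init__(self, base_delay=1.0, max_failures=5, lockout_seconds=900,
                 clock=time.monotonic):
        self.base_delay = base_delay
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.clock = clock
        self._state = {}  # username -> (consecutive_failures, earliest_next_try)

    def retry_after(self, username):
        """Seconds the caller must still wait; 0.0 means an attempt is allowed."""
        _, not_before = self._state.get(username, (0, 0.0))
        return max(0.0, not_before - self.clock())

    def record_failure(self, username):
        failures = self._state.get(username, (0, 0.0))[0] + 1
        if failures >= self.max_failures:
            wait = self.lockout_seconds                   # temporary account lock
        else:
            wait = self.base_delay * 2 ** (failures - 1)  # 1s, 2s, 4s, 8s
        self._state[username] = (failures, self.clock() + wait)
        return wait

    def record_success(self, username):
        self._state.pop(username, None)   # a good login resets the counter


def attempt_login(throttle, username, password_ok):
    """Gate one attempt; `password_ok` stands in for real credential checking."""
    if throttle.retry_after(username) > 0:
        return "throttled"                # refuse before checking the password
    if password_ok:
        throttle.record_success(username)
        return "ok"
    throttle.record_failure(username)
    return "denied"
```

While an account is throttled even the correct password is refused, so a guess that lands during the wait reveals nothing. The counters are keyed by account, so they should be paired with per-source limits, since a source that tries each account once never reaches them.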

DDoS attack

A distributed denial-of-service (DDoS) attack is another way cybercriminals cause havoc online and cases are on the rise.

In this attack, there is malicious disruption of normal service to intended users by flooding servers with internet traffic.

The surge in internet traffic overwhelms the servers and thus prevents legitimate requests from being fulfilled.

Since the origin of the malicious traffic is not a single source, this kind of attack is difficult to stop.

Think of a DDoS attack as an entrance that is suddenly overwhelmed by a bad crowd thus preventing those authorised to enter from gaining access.

In most cases, cybercriminals are motivated by activism or revenge and they target high-profile systems like financial institutions.

The origin of the traffic used to mount the attack is usually from compromised computer systems.

IoT (Internet of Things) devices can also be recruited in the attack and malware plays a crucial role in taking over these systems.

What you end up with are zombies or bots, controlled by the attacker, forming a botnet.

Each bot then sends multiple requests to the targeted server’s IP address, overloading it so that normal requests are denied access.

How to identify a DDoS attack

Sometimes it’s difficult to distinguish between a normal spike in traffic and a DDoS attack, but there are tell-tale signs you need to look out for:

  • Sudden unavailability of service
  • Sudden slowing down of servers
  • Spike in traffic from one or similar IP addresses
  • Sudden increase in requests for a single page
  • Sudden increase in traffic from the same profile e.g. browser, device or location
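The last three signs in the list can be checked mechanically over a window of access-log lines. The following is an added example, not code from the original article; the "epoch ip path user-agent" line format, the sample traffic, the baseline rate and both thresholds are assumptions.

```python
from collections import Counter


def make_sample():
    """Constructed traffic: a quiet window and a flood from 200 addresses."""
    normal = [f"{1000 + i // 2} 192.0.2.{i % 9 + 1} /page{i % 4} Browser/{i % 3}"
              for i in range(20)]
    flood = [f"{2000 + i // 30} 203.0.113.{i % 200 + 1} /login HeadlessClient/1.0"
             for i in range(300)]
    return normal, flood


def parse_line(line):
    """Parse one 'epoch ip path user-agent' line (assumed log format)."""
    ts, ip, path, agent = line.split(" ", 3)
    return int(ts), ip, path, agent


def traffic_signals(lines, baseline_rps, spike_factor=5.0, share_limit=0.5):
    """Return the tell-tale signs present in one window of access-log lines."""
    rows = [parse_line(line) for line in lines]
    stamps = [r[0] for r in rows]
    rps = len(rows) / (max(stamps) - min(stamps) + 1)
    signals = {}
    if rps <= spike_factor * baseline_rps:
        return signals                      # no spike, nothing to explain
    signals["rate"] = round(rps, 1)
    for name, col in (("ip", 1), ("path", 2), ("agent", 3)):
        value, count = Counter(r[col] for r in rows).most_common(1)[0]
        # A single value carrying most of the spike is what to look at first.
        if count / len(rows) > share_limit:
            signals[name] = value
    return signals
```

On the constructed flood the source IP is not flagged, because the requests are spread over 200 addresses, while the single page and the shared client profile are. A genuine rush of visitors to one page would also raise the rate and path signals, so these are prompts for investigation rather than a verdict.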

The challenge in prevention of DDoS attacks is distinguishing between real traffic and bot traffic.

If you make a mistake, you risk blocking an influx of genuine visitors, thus hurting your business.

For a successful attack to take place, bot traffic needs to blend in with normal traffic so that any countermeasures are unsuccessful.

Ways to mitigate DDoS attacks

Blackhole

All traffic to the affected IP address, both real and bot traffic, is directed to a non-existent server and dropped out of the network.

Firewall

A firewall establishes a set of rules to block bot traffic, based on protocols, ports or known IP addresses.

However, the method is not very effective in complex attacks.

Routers and switches

These are designed to limit the number of requests a server accepts in a certain period.

As the attack becomes more complex, the effectiveness of this method diminishes.

Network diffusion

In this approach, the DDoS attack is diluted by scattering the bot traffic across many servers to a point where it causes less impact and is manageable.

Conclusion

Brute force attacks and DDoS attacks are still a major threat.

Cybercriminals are now using more sophisticated hardware and software to successfully carry out the attacks.

Security on the web is very important. Remember that as you visit websites, make payments or other online activities, you leave a digital footprint.

One way to be anonymous when online is by using a good VPN.

This tool encrypts your traffic and masks your IP address, so hackers, your ISP and the government cannot see what you are doing.

Research shows that cybersecurity continues to expand as the world has gone digital, according to Grand View Research.


Have you experienced a brute force attack or DDoS attack? Leave comments below and share the post with your friends.

Tech writer and VPN expert. DIY enthusiast and loves anything to do with space science.
