Below you'll find a list of all posts that have been tagged as “Brute Force Attack”
An Overhaul in Password Security Passwords aren’t going anywhere. Despite the buzz that biometrics and MFA are holistic solutions, passwords are a ubiquitous, crucial layer for authentication—and they’re low-cost and simple, too. That’s not to say that passwords are without issues. In fact, due to ineffective password policies, and poor user habits, they are hotly desired targets. Also, when a password …
The flow of news about data breaches and ransomware attacks is relentless. Businesses of all sizes—large companies included—continue to suffer. Not only do cyber attacks lead to financial damage, but they have knock-on effects like reputational impact and loss of client trust. What’s less publicized is just how often these breaches are caused by vulnerabilities in privileged accounts. Privileged accounts …
Stealing corporate credentials has been a popular tactic among cybercriminals for many years now. Due to reused passwords, blurred boundaries between personal and professional accounts, and an expanded remote workforce, cyber vulnerabilities are everywhere. What is Corporate Account Takeover? A Corporate Account Takeover (CATO) is a kind of organization-specific identity theft where cybercriminals steal employee passwords to gain access to …
The recent CISA Alert AA22-074A describes how Russian state-sponsored cyber actors gained access to a US NGO using compromised credentials and a flaw in default MFA protocols. This alert may help cybersecurity professionals understand that MFA alone is insufficient and the importance of securing each authentication layer. What happened, exactly?As early as May 2021, the FBI observed Russian state-sponsored cyber …
Install one layer of cyber security protection, and suddenly there’s a whole new way bad actors have discovered to penetrate it. Staying on top of the latest password security methods can sometimes feel like one big game of whack-a-mole. The truth is that cybersecurity is an ongoing, ever-evolving practice. Part of that practice is staying up-to-date on all the tactics …
People have been relying on password-based security for millennia. The Roman military reportedly used what they called “watchwords” to identify soldiers on patrol. Exclusive groups and guilds used secret passwords to prove membership. The phrase “open sesame” protected hidden treasure in the story of Ali Baba and the Forty Thieves. In more recent times, the world’s first computer passwords were installed …
Multi-factor authentication (MFA) requires several elements in order to function as real security for your data systems. Each factor in a multi-factor system must be appropriately protected because malicious actors can take advantage of a weak link to dismantle your protection. In part one of our series on the vulnerabilities of multi-factor authentication, we talked about the social engineering tactics …
When hackers target your organization with a password spraying attack, hackers are betting that one (or more) of your employees is logging in with a commonly used password. Threat actors adopt this attack method because it can be done slowly enough to avoid account lockouts. This is just one type of password attack that could hit your organization, and cyber …
Thousands of Canadian citizens are at risk of identity fraud after cybercriminals used stolen credentials to access government services including COVID-19 relief funds. The source of the breach was a credential stuffing attack utilizing logins exposed in a prior breach. This is the latest example in a steady stream of data breaches driven by poor password practices. The Verizon DBIR …
The Open Web Application Security Project (OWASP), a non-profit that is dedicated to web application security, classifies credential stuffing as a subset of brute force attacks. However, in practice, the two types of cyber-attacks use very different methods to accomplish an account takeover and fraud. To explore how credential stuffing attacks and brute force attacks differ, we need to understand …
