Brute Force Attacks are on the Rise as June sees a 671% increase

With nearly one-third of all organizations targeted in a single week and just above one-quarter on average, attempts to access externally facing resources are growing in popularity and success.

One of the ways cybercriminals have traditionally gained access to victim networks is through good old-fashioned trying, with a dash of automation and scripting to speed up the process. Brute force attacks have been around as long as hackers have been trying to break into networks. But modern threat actors no longer sit at a keyboard, and the network isn’t always the target: automation makes breaking into an account opportunistic, and targeting cloud-based applications makes it easier to do so remotely.

According to new data from Abnormal Security, in their Q3 2021 Email Threat Report, the typical week sees about 10% of organizations being targeted with brute force attacks. June saw as much as 32.5% of organizations targeted – the same week Abnormal Security saw a nearly 7x jump in the number of attacks.

The thinking is this massive jump in the number of attacks has to do with “the increased attention around credential phishing and account takeovers”, according to the report.

SaaS-based applications are readily accessible to anyone on the Internet. All that’s required is a username and password. And with literally billions of (hopefully) old sets of account usernames and passwords available on the Dark Web, it’s relatively easy for threat actors to utilize a semi-legitimate (albeit older) data source to pound against cloud-based services in the hopes of gaining access.
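On the defensive side, replayed credential lists leave a recognizable trace in sign-in logs: one source failing against many different usernames in a short time. The following is an added example, not taken from the Abnormal Security report or from KnowBe4; the log format, the five-minute window, the threshold of four usernames, and all addresses and accounts are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample sign-in events (not real data): time, source IP, user, result
SAMPLE_LOG = """\
2021-06-14T09:00:01 203.0.113.7 alice@example.com FAIL
2021-06-14T09:00:02 203.0.113.7 bob@example.com FAIL
2021-06-14T09:00:03 198.51.100.20 bob@example.com FAIL
2021-06-14T09:00:04 203.0.113.7 carol@example.com FAIL
2021-06-14T09:00:06 203.0.113.7 dave@example.com FAIL
2021-06-14T09:00:09 203.0.113.7 erin@example.com OK
2021-06-14T09:00:20 198.51.100.20 bob@example.com OK
2021-06-14T09:30:00 192.0.2.50 frank@example.com FAIL
"""

WINDOW = timedelta(minutes=5)   # assumed look-back window
MIN_DISTINCT_USERS = 4          # assumed threshold; tune to your own baseline


def parse(log):
    """Yield (timestamp, source_ip, user, succeeded) from the hypothetical format."""
    for line in log.strip().splitlines():
        ts, ip, user, result = line.split()
        yield datetime.fromisoformat(ts), ip, user, result == "OK"


def detect(log, window=WINDOW, min_users=MIN_DISTINCT_USERS):
    """Return (suspect_sources, accounts_to_review)."""
    failures = defaultdict(deque)   # ip -> (timestamp, user) failures inside the window
    suspects = set()
    review = []
    for ts, ip, user, ok in sorted(parse(log)):
        q = failures[ip]
        while q and ts - q[0][0] > window:      # drop failures older than the window
            q.popleft()
        if ok:
            # A success from a source already failing across many accounts is the
            # event worth escalating: a replayed password may have worked.
            if ip in suspects:
                review.append((user, ip))
            continue
        q.append((ts, user))
        if len({u for _, u in q}) >= min_users:  # many distinct users, one source
            suspects.add(ip)
    return suspects, review


if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

The user at 198.51.100.20 who mistypes a password once and then signs in is not flagged, because only one username is involved.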

While this massive jump is a one-off spike, it does indicate what could become the norm in the future. Continual Security Awareness Training should instill proper password hygiene, including not using the same passwords across systems or between personal and business accounts.

Are your users’ passwords…P@ssw0rd?

Employees are the weakest link in network security, using weak passwords and falling for phishing and social engineering attacks. KnowBe4’s complimentary Weak Password Test (WPT) checks your Active Directory for several different types of weak password related threats.

Here's how it works:

  • Reports on the accounts that are affected
  • Tests against 10 types of weak password related threats
  • Does not show/report on the actual passwords of accounts
  • Just download the install and run it
  • Results in a few minutes!
