With nearly one-third of all organizations targeted in a single week and just above one-quarter on the average, attempts to access externally facing resources is growing in popularity and success.
One of the ways cybercriminals have traditionally gained access to victim networks is through good old fashioned trying with a dash of automation and scripting to speed up the process. Brute force attacks have been around as long as hackers have been trying to break into networks. But modern threat actors no longer sit at a keyboard and the network isn’t always the target, as automation makes breaking into an account opportunistic and targeting cloud-based applications makes it easier to do so remotely.
According to new data from Abnormal Security, in their Q3 2021 Email Threat Report, the typical week sees about 10% of organizations being targeted with brute force attacks. June saw as much as 32.5% of organizations targeted – the same week Abnormal Security saw a nearly 7x jump in the number of attacks.
The thinking is this massive jump in the number of attacks has to do with “the increased attention around credential phishing and account takeovers”, according to the report.
SaaS-based applications are readily accessible to anyone on the Internet. All that’s required is a username and password. And with literally billions of (hopefully) old sets of account usernames and passwords available on the Dark Web, it’s relatively easy for threat actors to utilize a semi-legitimate (albeit older) data source to pound against cloud-based services in the hopes of gaining access.
While this massive jump is a one-off spike, it does indicate what’s possible as the norm in the future. Continual Security Awareness Training would dictate that proper password hygiene be in place that includes not using the same passwords across systems, nor between personal and business accounts.
Here's how it works:
