Brute force attack

A brute force attack consists of testing different passwords for a given identifier in order to log in to the intended target. It is an old and widespread method used by cyber attackers.

It can take anywhere from a few seconds to several years to crack a password, depending on its length and complexity. As a result, hackers have developed tools to get the job done faster. Some of these tools go through entire dictionaries, combining the words with special characters and numbers, or use dictionaries of specific words. However, this type of sequential attack is tedious.

Attackers therefore build automation tools that perform thousands of attempts quickly. If a match is found and no other protection is in place, the attacker gains access to the user’s account.
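One way to spot this pattern in authentication logs, added here as an illustration and not part of the original page: count failed logins per account in a sliding window and flag a success that follows a burst of failures. The log format, the 5-minute window and the threshold of 5 failures are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): ISO timestamp, account, outcome.
SAMPLE_LOG = """\
2024-05-01T08:00:00 carol FAIL
2024-05-01T08:30:00 carol FAIL
2024-05-01T09:00:00 alice FAIL
2024-05-01T09:00:02 alice FAIL
2024-05-01T09:00:04 alice FAIL
2024-05-01T09:00:06 alice FAIL
2024-05-01T09:00:08 alice FAIL
2024-05-01T09:00:10 alice OK
2024-05-01T09:01:00 bob FAIL
2024-05-01T09:01:20 bob OK
2024-05-01T09:30:00 carol FAIL
2024-05-01T10:00:00 carol FAIL
2024-05-01T10:30:00 carol FAIL
"""

WINDOW = timedelta(minutes=5)  # assumed look-back window
THRESHOLD = 5                  # assumed failures per account inside the window

def detect(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return (alert, account, timestamp) tuples for one pass over the log."""
    recent = defaultdict(deque)  # account -> timestamps of recent failures
    flagged, alerts = set(), []
    for line in log_text.strip().splitlines():
        stamp, account, outcome = line.split()
        ts = datetime.fromisoformat(stamp)
        fails = recent[account]
        while fails and ts - fails[0] > window:  # drop failures outside the window
            fails.popleft()
        if outcome == "FAIL":
            fails.append(ts)
            if len(fails) >= threshold and account not in flagged:
                flagged.add(account)
                alerts.append(("bruteforce", account, stamp))
        else:  # a success right after a burst means a password probably matched
            if len(fails) >= threshold:
                alerts.append(("success_after_bruteforce", account, stamp))
            fails.clear()
            flagged.discard(account)
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(*alert)
```

In the sample, only alice is flagged: bob's single mistyped password and carol's failures spread over hours stay below the threshold inside the window.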

After a successful brute force attack, the attacker can take a number of actions:

– Steal administrator account credentials
– Send messages to employees or users to encourage them to click on phishing links or open attachments containing malware
– Send messages to customers in an attempt to damage the reputation of the company, organisation or individual
– Store malware on the system or internal infrastructure. If the malware is running on an administrator’s device, the attacker could steal higher-level credentials.

A brute force attack works in a similar way to a credential stuffing attack, but is less sophisticated.