Brute force attacks have become a significant concern for individuals and organizations in Malaysia as the country continues to experience rapid digitalization and an increase in cybercrime. The government and private sector have taken steps to increase awareness and improve security measures to protect against these types of attacks.
Due to the nature of these attacks, they can be challenging to detect and prevent and can cause significant harm if successful. As such, it is important for individuals and organizations in Malaysia to be aware of the risks associated with brute force attacks and to take steps to protect themselves.
What Is Brute Force Attack and How Does It Work?
In a brute force attack, usernames and passwords are ‘guessed’ in order to log into a system without authorization. It is a common technique for breaking codes, and 5% of security breaches were caused by brute force attacks.
Applications and scripts are used to test a variety of password combinations used for logins or encryption keys. Brute force attacks are often used to gain unauthorized access to sensitive information or disrupt a service’s availability.
Attackers have lists of frequently used passwords or authentic user credentials that they have obtained through security flaws or the dark web. These sets of credentials are tested regularly by bots that attack websites and alert the attacker when they succeed in gaining access.
There are several types of brute force attacks:
- Simple Brute Force Attack – Employs a systematic ‘guess’ strategy independent of external rationale.
- Hybrid Brute Force Attacks – Begin with external logic to identify which password variant has the greatest chance of success, then move on to a straightforward strategy of attempting as many variations as feasible.
- Dictionary Attacks – Use a dictionary of potential strings or phrases to guess usernames or passwords.
- Rainbow Table Attacks – A rainbow table is a pre-calculated table for reversing cryptographic hash functions. It can be used to recover passwords up to a particular length and drawn from a specific character set.
- Reverse Brute Force Attack – Tries a common password or a small set of passwords against a wide range of usernames. It focuses on a network of users whose data the attackers have already obtained.
- Credential Stuffing – Takes known username-password combinations and tests them on several websites. It takes advantage of people reusing the same login and password on various platforms.
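From the defender's side, these attack types leave different shapes in authentication logs. The following added example (not part of the original article) classifies source IPs by the pattern of their failed logins; the log format, sample lines and threshold are constructed assumptions.

```python
import re
from collections import defaultdict

# Hypothetical log format: "<timestamp> <FAIL|OK> user=<name> src=<ip>"
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<result>FAIL|OK) user=(?P<user>\S+) src=(?P<ip>\S+)$")

def build_sample():
    """Constructed sample log lines (documentation IP ranges, invented users)."""
    lines = []
    # One source hammering a single account.
    for i in range(12):
        lines.append(f"2021-03-01T09:00:{i:02d}Z FAIL user=admin src=203.0.113.10")
    # One source trying a single guess against many accounts.
    for i in range(10):
        lines.append(f"2021-03-01T09:05:{i:02d}Z FAIL user=user{i} src=198.51.100.7")
    # A legitimate user mistyping a password twice, then logging in.
    lines += [
        "2021-03-01T09:10:00Z FAIL user=aisyah src=192.0.2.44",
        "2021-03-01T09:10:09Z FAIL user=aisyah src=192.0.2.44",
        "2021-03-01T09:10:20Z OK user=aisyah src=192.0.2.44",
    ]
    return lines

def classify_sources(lines, min_failures=5):
    """Map each source IP to a verdict based on its failed-login pattern."""
    failures = defaultdict(list)  # ip -> usernames of failed attempts
    for line in lines:
        m = LINE_RE.match(line)
        if m and m["result"] == "FAIL":
            failures[m["ip"]].append(m["user"])
    verdicts = {}
    for ip, users in failures.items():
        distinct = len(set(users))
        if len(users) < min_failures:
            verdicts[ip] = "normal"
        elif len(users) / distinct >= min_failures:
            # Many guesses per account: simple, hybrid or dictionary attack.
            verdicts[ip] = "password guessing against few accounts"
        elif distinct >= min_failures:
            # Few guesses spread over many accounts. Logs hold no passwords,
            # so these two types cannot be told apart here.
            verdicts[ip] = "reverse brute force or credential stuffing"
        else:
            verdicts[ip] = "suspicious"
    return verdicts

if __name__ == "__main__":
    for ip, verdict in classify_sources(build_sample()).items():
        print(ip, "->", verdict)
```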
People frequently use a small number of easy passwords, which makes them vulnerable to brute-force assaults. Additionally, reusing the same password might provide hackers access to several accounts.
Some of the most commonly found weak passwords in brute force lists include the date of birth, children’s names, abcdef123, password, hello, and welcome. Complex passwords offer superior defense against identity fraud, data loss, unwanted account access, etc.
Case Study of Brute Force Attack Example in Malaysia
Working from home has become a norm in many industries, and Malaysia is no exception. The use of Microsoft Remote Desktop Protocol (RDP) has made it easier for employees to connect to their work computers from home, allowing them to continue working remotely.
With more employees working remotely, there is an increased likelihood of brute force attacks, as attackers can easily target remote workers who may not have the same level of security on their personal devices as they would on a corporate network.
A total of 10.4 million brute force attacks against users in Malaysia who had Microsoft RDP or Remote Desktop Protocol installed on their workstations were attempted between January and June 2021. This is a significant spike compared to 6.78 million in the first half of 2020.
In the first three months of 2021, 25% more password-stealing attempts were stopped than in the previous year. Overall, 292,495 brute force attacks designed to steal accounts were blocked in Q1 2021, 180,576 more than the previous year's 111,919.
How to Protect Your Server From Brute Force Attack?
There are various methods and best practices for protecting your server from brute force attacks. By implementing these security measures, you can help to safeguard your server and protect your data from unauthorized access.
The easiest and best strategy to stop a brute-force attack is to have a strong password policy. For your online application or a public server, create a complex password that is very hard to guess yet simple to remember. When generating a password, remember to:
- Never include personal information in your username or password. Never use your name, birth date, or email address as a password.
- Never reuse the same password for several accounts. For each of your internet accounts, use a different combination of passwords.
- In 10 attempts, 30% of recycled or updated passwords may be deciphered. Use lengthy passphrases with unique characters and spaces. Your passwords should contain upper- and lowercase letters, numbers, and symbols.
- Make your password more than six characters long. Passwords should ideally be 15 characters long.
- Avoid terms found in English-language dictionaries. Use random character strings instead of words wherever possible.
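The rules above can be enforced when a password is set. This is an added example, not part of the original article: the function name, messages and the four-character token rule for personal information are assumptions, and it covers length, character classes, personal information and the weak passwords named earlier, not dictionary words or reuse across accounts.

```python
import re

# Weak passwords the article names as common entries in brute force lists.
COMMON_WEAK = {"abcdef123", "password", "hello", "welcome"}

def check_password(password, personal_info=(), min_len=7, ideal_len=15):
    """Return (errors, warnings) for a candidate password."""
    errors, warnings = [], []
    lowered = password.lower()

    if len(password) < min_len:
        errors.append("must be more than six characters long")
    elif len(password) < ideal_len:
        warnings.append(f"shorter than the ideal {ideal_len} characters")

    if lowered in COMMON_WEAK:
        errors.append("appears in common brute force lists")

    # Name, birth date, e-mail, username: split each into alphanumeric
    # tokens and reject any token of four or more characters that
    # appears inside the password (assumed matching rule).
    tokens = {t for item in personal_info
              for t in re.findall(r"[a-z0-9]{4,}", item.lower())}
    for token in sorted(tokens):
        if token in lowered:
            errors.append(f"contains personal information ({token})")

    classes = {
        "a lowercase letter": any(c.islower() for c in password),
        "an uppercase letter": any(c.isupper() for c in password),
        "a number": any(c.isdigit() for c in password),
        "a symbol or space": any(not c.isalnum() for c in password),
    }
    errors += [f"missing {name}" for name, ok in classes.items() if not ok]
    return errors, warnings

if __name__ == "__main__":
    # Constructed inputs for illustration.
    print(check_password("welcome"))
    print(check_password("Aisyah1990!", ["Aisyah Rahman", "1990-05-17"]))
    print(check_password("tR7#vq 9Lm!x2Zp&eK"))
```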
Limiting failed login attempts is an important security measure that can help protect your web application from brute force attacks.
This feature limits the number of times a user can attempt to log in before being locked out. Limiting login attempts helps prevent malicious actors from trying many different combinations of passwords in the hope of breaking into a system.
Someone trying to guess the correct password cannot make many attempts, as they will quickly be locked out. All in all, limiting login attempts is one of the best ways to secure your web application and keep it safe from any unauthorized access.
Monitoring the IP address of a web application can be an effective way to prevent brute force attacks. By monitoring which IPs are trying to access your site, it is possible to block any suspicious activity or patterns that could indicate a malicious attack attempt.
If the same IP address is seen making repeated unsuccessful login attempts, that address can be blocked as well. Moreover, keeping track of these IP addresses can provide insight into where the malicious actor is located, which can help with dealing with them appropriately.
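The two measures above, limiting failed attempts and watching source IPs, can share one mechanism. This is an added example, not part of the original article: the class name, thresholds and in-memory storage are assumptions, and a real deployment would keep the counters in a shared store.

```python
import time
from collections import defaultdict, deque

class LoginThrottle:
    """Sliding-window limit on failed logins, per account and per source IP."""

    def __init__(self, max_failures=5, window=300, lockout=900):
        self.max_failures = max_failures  # failures allowed inside the window
        self.window = window              # seconds a failure stays counted
        self.lockout = lockout            # seconds a key stays locked
        self.failures = defaultdict(deque)  # key -> recent failure timestamps
        self.locked_until = {}              # key -> time the lock expires

    def _keys(self, username, ip):
        # Counting both keys catches many guesses at one account as well as
        # one source trying many accounts.
        return (("user", username.lower()), ("ip", ip))

    def is_blocked(self, username, ip, now=None):
        now = time.time() if now is None else now
        return any(self.locked_until.get(k, 0) > now
                   for k in self._keys(username, ip))

    def record_failure(self, username, ip, now=None):
        now = time.time() if now is None else now
        for key in self._keys(username, ip):
            q = self.failures[key]
            q.append(now)
            while q and q[0] <= now - self.window:
                q.popleft()  # forget failures older than the window
            if len(q) >= self.max_failures:
                self.locked_until[key] = now + self.lockout
                q.clear()

    def record_success(self, username, ip):
        # Reset only the account counter; the IP counter is left alone so a
        # valid login from the same source does not erase its history.
        self.failures.pop(("user", username.lower()), None)

if __name__ == "__main__":
    throttle = LoginThrottle(max_failures=3, window=60, lockout=600)
    for i in range(3):  # constructed events: one IP, three different accounts
        throttle.record_failure(f"user{i}", "203.0.113.10", now=100 + i)
    print(throttle.is_blocked("anyone", "203.0.113.10", now=105))  # True
```

Because a per-account lock can be triggered by someone else's failed guesses, many deployments prefer a short lock or a CAPTCHA step over a long hard lockout.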
Two-factor or multi-factor authentication provides an additional layer of protection for your accounts. When logging in to an account, 2FA requires users to confirm their identity before access is allowed.
When 2FA is enabled, for instance, you could be prompted to verify that you are the one trying to access your email. You need to enter a unique code sent to your cell phone to confirm your identity before obtaining access to your account.
Completely Automated Public Turing Test to Tell Computers and Humans Apart is what CAPTCHA stands for.
In essence, CAPTCHAs are tasks that people can easily do but are challenging for automated computer systems to complete, such as recognizing patterns or clicking in a specified location on a web application. Web applications use them to prevent spam and bot activity.
A web application firewall or WAF can help prevent brute force attacks by monitoring and filtering incoming traffic to a web application. Here are a few ways a WAF can accomplish this:
- Block traffic from IP addresses that are known to be associated with brute force attacks.
- Limit the number of login attempts that can be made from a single IP address within a certain time period.
- Require users to prove they are human before they are allowed to login with CAPTCHA integration.
- Enforce authentication and access control mechanisms that ensure only authorized users are able to access the application.
- Detect and block malicious payloads or patterns in the request from reaching the application.
It’s important to note that a WAF is one layer of defense and it’s important to have other security measures in place, such as using strong passwords, enabling two-factor authentication, and keeping systems up-to-date with the latest security patches.
Secure Your Server Against Brute Force Attacks
Brute force attacks are a serious cybersecurity threat in Malaysia. They involve the use of automated tools to repeatedly try different combinations of login credentials in order to gain unauthorized access to a system or network.
To protect against brute force attacks, it is important for individuals and organizations in Malaysia to use strong and unique passwords, enable two-factor authentication, and keep their systems and software up-to-date with the latest security patches.
At Spectrum Edge, we are committed to providing a range of services to help our customers get the most out of Fortinet products like FortiWeb. We offer pre-sales technical support, on-site installation and configuration, and ongoing maintenance and support.
Our team of certified experts can help you design, implement, and manage a comprehensive security solution that meets your unique business needs. Contact us today to build a stronger and more secure future for your organization with a FortiWeb solution.