How to Address Brute Force Attacks with AI
Most damaging and well-known brute force attacks per industry
Approximately 80% of all cyber attacks are brute force attacks, thanks to how successful they are in discovering weak passwords, especially for web applications. Additional evidence from the 2021 Data Breach Investigations Report shows that 89% of attempts to hack web applications use stolen credentials or brute-force attacks to abuse credentials.
In fact, recent research shows that in a typical week, about 10% of organizations are attacked by brute force. For instance, between May and mid-June of 2021, the number of attacks went up by 160%, to a weekly average of 26%, which was the highest number ever recorded. This means that every week, cybercriminals tried to take over the email accounts of one-quarter of all companies by using brute force attacks. The same research shows that during the busiest week, which was the week of June 6, 2021, the number of brute force attacks rose by 671% over the previous week's average, meaning cyber criminals used brute force attacks against 32.5% of all organizations.
Since the time a brute force attack needs grows exponentially with password length, not linearly, password length is usually the most important factor in determining how strong a password is. And because most brute force tools are not purely random but prioritize dictionary words and common passwords, it is also important to enforce password policies that require complex passwords.
Here’s a rundown of some of the most damaging and well-known brute-force attacks for several industries:
- Automotive: American automaker General Motors said that it was hit by a brute-force attack in the form of credential stuffing in April 2022. According to a data breach report sent to the Attorney General of California, the attackers gained access to customers' personally identifiable information (PII) and redeemed reward points for gift cards. The attack on General Motors did not exploit a weakness in the company's systems. Instead, it was the result of ongoing "credential stuffing" attacks against GM customer accounts. General Motors said that the attackers obtained the stolen credentials from third parties.
- Retail: In 2016, a brute force attack on the popular eCommerce platform Alibaba put the accounts of about 21 million users at risk. During the attack, which happened between October and November of that year, the attackers found out the usernames and passwords of 99 million users without their permission.
- Healthcare: During a brute force attack on the online member portal for Florida Blue (Blue Cross and Blue Shield of Florida), personal health information of up to 30,063 members was allegedly seen or taken by unauthorized cyber criminals. On June 8, 2021, attackers deployed a brute force attack on the site using a huge database of usernames and passwords from the internet. The database seems to have been made from hacked logins and passwords from third-party organizations that had security holes.
- Telecom: In a cyberattack on T-Mobile, a hacker claimed to have stolen the personal information of 100 million users. Although the company admitted to the breach, it said that 40 million customers were affected. Using specialized tools and knowledge of the company's technical systems, the hacker got into testing environments and then used brute force attacks and other methods to reach IT servers holding client data.
- Government & military: Microsoft found brute-force cyberattacks in 2020 that were aimed at people and organizations involved in the 2020 presidential election. These attacks failed to get through to people working for both the Trump and Biden campaigns.
The scope of the losses and damages of brute force attacks
If a brute force attack works, it can lead to unauthorized access, data theft, accounts or systems being taken over, the spread of malware, and more, any of which can have serious consequences for a company. Some of the possible brute force scenarios include:
Profit from Ads. A hacker may use brute force to attack a website or several websites in order to make money from advertising commission.
Destroy a Company or Website’s Reputation. Brute force attacks are often launched in an attempt to steal data from an organization, which not only costs them financially but also causes huge reputational damage. Websites can also be targeted with attacks that infest them with obscene or offensive text and images, thereby denigrating their reputation, which could lead to them being taken down.
Steal Personal Data. Hacking into a user's personal account can give hackers access to a wealth of information, from their finances and bank accounts to private medical information. If an attacker gets access to a person's account, they can steal their money, sell their login information to third parties, or use the information to launch larger attacks. Personal information and login credentials can also be stolen when hackers get into sensitive corporate databases through data breaches.
Consequences of a brute force attack:
Spread Malware. Most of the time, brute force attacks are not personal. A hacker may simply want to cause trouble and show off their abilities. They might do this by sending malware through email or SMS (Short Message Service) messages, hiding malware on a fake website that looks like a real one, or redirecting website visitors to malicious sites.
By putting malware on a user's computer, an attacker can gain access to other systems and networks and launch larger cyberattacks against organizations.
Override Security Protocols for Malicious Purposes. Malicious actors can use a group of compromised devices, called a botnet, to launch broader attacks alongside brute force attempts. Usually, this is a distributed denial-of-service (DDoS) attack that tries to overwhelm the security systems and defenses of the target.
With brute force attacks, there are two main issues:
- Trying to steal or guess credentials. Brute force attacks succeed if remote users or endpoints use weak passwords or compromised credentials.
- Overloading the network and endpoints, so that the stream of login attempts itself turns into a Denial of Service (DoS).
Typically, to carry out any of these scenarios, brute force attacks employ massive computing resources. To meet that need, hackers have built hardware setups that speed up the process, such as combining the central processing unit (CPU) and graphics processing unit (GPU) of a device. Adding the GPU's computing engine lets a system handle many tasks in parallel and dramatically increases the rate at which hackers can crack passwords.
How AI EdgeLabs helps address brute force risks and threats
AI EdgeLabs is rooted in Machine Learning algorithms that allow the platform to detect even the slightest anomaly. Several things can be done with AI EdgeLabs’ machine learning models to deal with the risks and threats of brute force attacks:
- Detecting brute force attacks at login activity and stopping them: AI EdgeLabs looks for and flags the earliest signs of patterns that could indicate a brute force attack. For example, a certain number of failed login attempts from the same IP address or the use of common passwords could be signs of a brute force attack. If a brute force attack is found, the ML model automatically sends out alerts and blocks the IP address or addresses that were used in the attack. This stops the attacker from trying again.
- The earliest detection with network headers. This method depends on the details of the attack and the information in the network headers. We use network headers to find brute force attacks faster and with less effort. Network headers include the source and destination IP addresses, the protocol, and the port number. This information can be examined quickly to find possible threats, without having to inspect the full contents of data packets. Another benefit of using network headers is that we can find attacks without having to store or analyze large quantities of data. This matters when storage or processing resources are limited, which is especially important in Edge and IoT scenarios.
- Overall, ML models can be used to find and stop brute force attacks, and they can also help organizations improve their overall security.
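The two detection ideas above, counting failed logins per source at the application layer and counting connection attempts per source from header fields alone, share the same core: a per-key count inside a sliding time window. The block below is an added illustration written for this article, not AI EdgeLabs code, and makes no claim about how the platform's models work. The auth-log lines, flow records, IP addresses, and the 5-failures-in-60-seconds threshold are all constructed for the example.

```python
"""Added example (not AI EdgeLabs code): one sliding-window counter used
over constructed sshd-style auth-log lines (application layer) and over
constructed flow records built from header fields only (network layer)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import re

# Constructed sample auth log lines; timestamps are in order.
AUTH_LOG = """\
2021-06-08T10:00:01 sshd[101]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
2021-06-08T10:00:02 sshd[101]: Failed password for invalid user root from 203.0.113.7 port 51023 ssh2
2021-06-08T10:00:02 sshd[102]: Accepted password for alice from 198.51.100.5 port 40100 ssh2
2021-06-08T10:00:03 sshd[101]: Failed password for invalid user test from 203.0.113.7 port 51024 ssh2
2021-06-08T10:00:04 sshd[101]: Failed password for invalid user guest from 203.0.113.7 port 51025 ssh2
2021-06-08T10:00:05 sshd[101]: Failed password for invalid user oracle from 203.0.113.7 port 51026 ssh2
2021-06-08T10:00:09 sshd[103]: Failed password for bob from 198.51.100.5 port 40101 ssh2
2021-06-08T10:05:00 sshd[104]: Failed password for bob from 198.51.100.5 port 40102 ssh2
"""

# Constructed flow records (timestamp, src, dst, proto, dst port): header
# fields only, no payload. One source repeatedly opens connections to SSH.
FLOWS = [
    ("2021-06-08T10:00:01", "203.0.113.7", "10.0.0.5", "tcp", 22),
    ("2021-06-08T10:00:02", "203.0.113.7", "10.0.0.5", "tcp", 22),
    ("2021-06-08T10:00:03", "203.0.113.7", "10.0.0.5", "tcp", 22),
    ("2021-06-08T10:00:03", "198.51.100.5", "10.0.0.8", "tcp", 443),
    ("2021-06-08T10:00:04", "203.0.113.7", "10.0.0.5", "tcp", 22),
    ("2021-06-08T10:00:05", "203.0.113.7", "10.0.0.5", "tcp", 80),
    ("2021-06-08T10:00:06", "203.0.113.7", "10.0.0.5", "tcp", 22),
    ("2021-06-08T10:00:07", "203.0.113.7", "10.0.0.5", "tcp", 22),
    ("2021-06-08T10:02:30", "198.51.100.5", "10.0.0.8", "tcp", 443),
]

FAILED_RE = re.compile(
    r"^(\S+) \S+ Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)


class WindowedCounter:
    """Per-key event counter over a sliding time window."""

    def __init__(self, window_seconds, threshold):
        self.window = timedelta(seconds=window_seconds)
        self.threshold = threshold
        self.events = defaultdict(deque)

    def add(self, key, ts):
        """Record one event at ts; return the in-window count for key."""
        q = self.events[key]
        q.append(ts)
        while ts - q[0] > self.window:  # drop events older than the window
            q.popleft()
        return len(q)


def detect_login_bruteforce(log_text, window_seconds=60, threshold=5):
    """Map each source IP that reached `threshold` failed logins inside the
    window to the moment it first crossed it and the usernames it tried."""
    counter = WindowedCounter(window_seconds, threshold)
    users = defaultdict(set)
    alerts = {}
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # accepted logins and other events are not counted
        ts_text, user, src = m.groups()
        users[src].add(user)
        n = counter.add(src, datetime.fromisoformat(ts_text))
        if n >= threshold and src not in alerts:
            alerts[src] = {"alert_at": ts_text, "attempts": n,
                           "users": sorted(users[src])}
    return alerts


def detect_flow_bruteforce(flows, port, window_seconds=60, threshold=5):
    """Same idea on header data: flag (src, dst) pairs that open `threshold`
    TCP connections to `port` inside the window, without any payload."""
    counter = WindowedCounter(window_seconds, threshold)
    alerts = {}
    for ts_text, src, dst, proto, dport in flows:
        if proto != "tcp" or dport != port:
            continue
        n = counter.add((src, dst), datetime.fromisoformat(ts_text))
        if n >= threshold and (src, dst) not in alerts:
            alerts[(src, dst)] = {"alert_at": ts_text, "connections": n}
    return alerts


def sources_to_block(login_alerts, flow_alerts):
    """Union of flagged source IPs; the block itself is a firewall action."""
    return sorted(set(login_alerts) | {src for src, _ in flow_alerts})


if __name__ == "__main__":
    la = detect_login_bruteforce(AUTH_LOG)
    fa = detect_flow_bruteforce(FLOWS, port=22)
    print("auth-log alerts:", la)
    print("flow alerts:", fa)
    print("block:", sources_to_block(la, fa))
```

In the sample data, 203.0.113.7 produces five failures in four seconds and five SSH connections in six seconds, so both detectors flag it, while 198.51.100.5 (two failures five minutes apart) stays under the window and is not flagged. That separation between a single user mistyping a password and a scripted guessing run is exactly why the count is kept per window rather than cumulatively.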
Next, we’ll review in detail how the AI EdgeLabs dashboard provides unique value when it comes to brute force attacks.
The AI EdgeLabs Dashboard
The AI EdgeLabs dashboard delivers the following capabilities that make it seamless to see, understand and act upon threats, risks, and attacks.
Whether brute force attacks happen often or rarely, organizations looking to take concrete steps to improve security will need more than just stopping an attack. For this reason, it’s important to look closely at the reasons and attack vectors behind an attack. Leveraging the AI EdgeLabs easy-to-use dashboard, organizations can see, filter, and learn more about data and how an attack happened.
With details about elements such as user account, source IP, hostname, server, IoT device, and more, organizations can visualize information quickly and accurately to take immediate action. Organizations can also filter data, segment, or identify patterns and data relationships.
Also, the AI EdgeLabs dashboard has a dedicated space for Security Operations Teams to gain extensive knowledge about attack and security weaknesses. The dashboard provides visualization tools for advanced attack surface visibility and recommends mitigation actions.
The AI EdgeLabs dashboard allows organizations to historically visualize attack velocity and system impact with robust settings for automated incident response.
The AI EdgeLabs extended detection and response (XDR) platform provides users with advanced network visibility. It quickly and accurately tells genuine, legitimate traffic from unwanted, anomalous, unauthorized traffic. Most brute force attacks are performed by malicious bots, so having a dedicated XDR platform look after your traffic goes a long way toward stopping the issue at its source.
Overall, the best protection against brute force attacks is monitoring that stops attacks before they have a chance to cause harm. AI EdgeLabs constantly monitors your edge network, IoT devices, endpoints, servers, and all of your infrastructure with the help of tailor-made threat models and intelligence software to watch for known and unknown signals of a brute force attack, and of any other cyber attack for that matter. If a brute force attack is found, the ML model automatically sends out alerts and blocks the IP address or addresses that were used in the attack. This stops the attacker from trying again.