This post is part of our Cyber Threat Series.
Hackers use Brute Force Attacks to target a single service exposed to the Internet, including Remote Desktop, Outlook Web Access, and email services. Brute Force Attacks gain access by trying every viable access method or password.
Hackers use these attacks to access your data or to install other malware within your systems. Patient hackers space out their attempts, which makes the attacks difficult to notice or detect. When hackers rush, the impact can be similar to a DDoS attack.
Hackers can launch Brute Force Attacks externally or from malware-infected systems on your network. Internal attacks often target specific systems and vulnerabilities, such as SQL Server and SQL Injection vulnerabilities.
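The pacing difference described above matters for detection: a short counting window catches rushed attempts but misses spaced-out ones. The following added example (not from the original post) counts failed logins per source over both a short and a long sliding window; the event tuple layout, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed thresholds for illustration; tune them to your own baseline.
BURST_WINDOW, BURST_FAILS = timedelta(minutes=5), 10
SLOW_WINDOW, SLOW_FAILS = timedelta(days=7), 20

def _max_in_window(stamps, window):
    """Largest count of sorted timestamps inside any sliding window of this width."""
    best = start = 0
    for end, ts in enumerate(stamps):
        while ts - stamps[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best

def classify_sources(events):
    """events: (timestamp, source_ip, account, success) tuples.
    Returns {source_ip: "burst" | "low-and-slow"} for suspicious sources."""
    fails = defaultdict(list)
    for ts, src, _account, ok in events:
        if not ok:
            fails[src].append(ts)
    verdicts = {}
    for src, stamps in fails.items():
        stamps.sort()
        if _max_in_window(stamps, BURST_WINDOW) >= BURST_FAILS:
            verdicts[src] = "burst"          # rushed: many failures in minutes
        elif _max_in_window(stamps, SLOW_WINDOW) >= SLOW_FAILS:
            verdicts[src] = "low-and-slow"   # patient: only visible over days
    return verdicts

def sample_events():
    """Constructed sample data using documentation IP ranges, not real logs."""
    t0 = datetime(2024, 1, 1, 9, 0, 0)
    ev = []
    # Rushed source: 12 failures, 10 seconds apart.
    ev += [(t0 + timedelta(seconds=10 * i), "203.0.113.10", "admin", False) for i in range(12)]
    # Patient source: one failure every 6 hours for about 6 days.
    ev += [(t0 + timedelta(hours=6 * i), "198.51.100.7", "admin", False) for i in range(24)]
    # Ordinary user: three typos, then a successful login.
    ev += [(t0 + timedelta(seconds=20 * i), "192.0.2.55", "jsmith", False) for i in range(3)]
    ev.append((t0 + timedelta(minutes=2), "192.0.2.55", "jsmith", True))
    return ev

if __name__ == "__main__":
    for src, verdict in sorted(classify_sources(sample_events()).items()):
        print(src, verdict)
```

The patient source never exceeds one failure in any five-minute window, so it only surfaces when failures are retained and counted over the longer window.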
What to Do:
Require robust passwords; they are your first protection from Brute Force Attacks. Controls that enforce best-practice password structure and expiring passwords can thwart an attack.
Deploy Multi-Factor Authentication. MFA creates an additional level of protection, since a compromised password alone is not sufficient for access.
To protect against internal attacks, ensure systems run current operating system versions. Keep all systems current with patches and updates.
Deploy “Next Gen” protections to keep Brute Force Attack malware from making it onto your servers and clients:
- Advanced threat protection (ATP) for email
- Endpoint and mobile device protection
- DNS security and protection
- Web protection and filtering
Contact us to discuss your cyber threat protections. The Cloud Advisory session is complimentary and without obligation.