By Ryan Klund - Business Development Associate
What would be the cost to your business if all of your customers were compromised, their credentials stolen and their accounts fraudulently charged because of an attack on your business?
$650,000 was the cost in fines alone for Dunkin’ Brands Group Inc. after agreeing to settle a lawsuit this fall with their customers. Dunkin’ was compromised by Brute Force style Attacks between 2015 – 2018 that compromised and stole money from thousands of customer accounts.
The Dunkin’ Doughnuts parent company is obviously a mega-corporation. They employ their own IT experts and cybersecurity professionals and still were unable to stop Brute Force Attacks to their business.
Small businesses around the United States are much more vulnerable to attack than Dunkin’. Infact, according to reports, Remote Desktop Protocol (RDP) brute force attacks have increased greatly since the world’s workforce shifted to remote work amidst the pandemic.
What is a Brute Force Attack?
A Brute Force cyber attack happens when an attacker submits as many passwords as possible trying to guess a combination correctly. Oftentimes attackers use bots to do the password guessing. Famously, a computer was designed to crack any 8-character password in less than 6 hours.
Types of Brute Force Attacks:
Simple Brute Force Atacks:
This type of attack happens when bad actors try to guess your credentials (hint*- make sure your password isn’t “password”)
This type of password cracking that uses a ‘dictionary’ of likely passwords against a single target.
Hybrid Brute Force Attacks:
These types of attacks blend Dictionary Attacks with Brute Force Attacks – guessing logical passwords along with random characters.
Reverse Brute Force Attacks:
This type of attack is when an attacker already has a password and will try different usernames until a combination is found. Often, hackers use leaked passwords from data breaches.
This type of attack takes advantage of people who use the same password for multiple websites. If a bad actor has a username and password combination from a leak, they will use the same combo on multiple websites to expose people who use the same passwords.
How to detect and prevent Brute Force Attacks
Brute Force Attacks are not the most sophisticated cyber-attacks, which is good! They are easier to protect against.
The best way to tell if your business is being attacked by a Brute Force Attack is to monitor unsuccessful attempts for logins to your website and if possible, limit the amount of attempts possible for logging in.
Make your passwords stronger
At SWICKtech we advise our clients to use a ‘pass-phrase’ or a series of words that will be easy for you to remember but will be long and difficult to crack. Other tips for making strong passwords are to use a mix of letters, numbers and signs and change your passwords from time to time.
Use a Password Manager
An easy solution for creating and keeping strong passwords is to use a password manager. Password managers are designed to provide access in an encrypted format that is not accessible to cyber criminals. There are many password managers on the market that are inexpensive and easy to use.
Use Multifactor Authentication
Sometimes we feel like a broken record talking about Multifactor Authentication (MFA) at SWICKtech, but the truth is that MFA is the #1 best way to secure your accounts from hackers. MFA requires a second form of authentication for you to access an account. A text or app on your cell phone might prompt you to confirm your identity or biometrics like a fingerprint or facial scan can also confirm that it’s you.
Consulting and partnering with IT Experts and Cybersecurity Professionals is your best bet for complete cybersecurity protection from threats. Oftentimes there are small changes that can be made to improve security immediately.
If you’re interested in having a conversation about your organizational security, reach out to us for a free 5-minute consultation.