brute force attack
We often read in the Sentryo magazine… Industry 4.0 is full of promises but also represents security threats for industrial networks! Of these threats, the most long-standing and persistent attack is, without a doubt, the brute force attack. How can you effectively protect yourself against this type of cyberattack? We analyze the vulnerabilities and the actions to implement to ensure your network is protected.

What is a brute force attack?

Carried out by hackers ever since access codes have existed, a brute force attack is a trial-and-error method that generates all possible combinations of characters that can make up a password and uses them to make multiple connection attempts to an account under siege. This attack is often carried out offline because it requires significant time and calculation capacities. This attack can also be carried out remotely on an authentication service available on the network, but in this specific example, the attackers often prefer to limit attempts to a list of passwords.  This is no longer known as a brute force attack but a dictionary attack. A concrete example of the effectiveness of this type of attack is Mirai botnet which infected hundreds of thousands of IoT devices with default password lists.

The stages of a brute force attack

This type of attack usually follows a standard scenario:

  • The hackers start by listing email accounts and remote access details used.
  • They then launch the brute force attack by testing the access details they identified with different character combinations.
  • Once the attack is successful, the attacker gains access and can then recover additional information such as global address lists (GAL). Attackers can also move horizontally on the network to further spread the attack.

An attacker’s final goal may be to penetrate the IT network to steal data, demand a ransom or damage the production processes carried out by the target organization.

The impact of a brute force attack on a company

  • Disclosure of confidential information and compromise of industrial secrets,
  • Disruptions to company operations which may jeopardize employees’ physical safety,
  • Financial consequences as a result of damage to the production process or need to restore IT systems and recover data,
  • Negative impact on company reputation.

Preventing and detecting a brute force attack

To provide protection against a brute force attack, you must check the effectiveness of your authentication procedures and implement measures that guarantee secure access to the network:

  • Limit the number of connection attempts before accounts are blocked
  • Multi-factor authentication (MFA) uses various criteria for more secure connection (knowledge, possession, inherent, time and geographic factors…)
  • Strong password policy:
    • Sufficient number of characters,
    • Alternating numbers, letters and special characters,
    • Regularly changing passwords,
    • Control procedures and measures to prevent weak passwords.

About passwords…

We recommend reading the memo released by ANSSI (French National Cybersecurity Agency).

In order to identify and block malicious or suspicious access attempts, make sure you map out your network and implement a powerful intrusion detection system.

In order to effectively fight against malicious attacks such as a brute force attack, you must reinforce authentication security and use a cybersecurity solution capable of detecting unusual events. Because prevention will always be more affordable than repairing damage after the fact!