190 likes | 376 Views
The aim of this PPT is to provide comprehensive information on the cyber attack called Brute Force Attack, including but not limited to its aim, its types and the measures that need to be taken to keep at bay such a cyber attack.<br>
E N D
Table of Contents • Websites and Web Hosting Service Providers • Brute Force Attack • Hackers’ Gain through Brute Force Attack • Aim of Brute Force Attack • Brute Force Attack Tools • Automated Tools’ Features for Brute Force Attacks • Types of Brute Force Attack • Simple Brute Force Attacks • Dictionary attacks • Hybrid Brute Force Attacks • Reverse Brute Force Attacks • Credential Stuffing • Protection against Brute Force Attacks • Conclusion
Websites and Web Hosting Companies • We live in a world where the Internet has become an integral part of our day-to-day lives. Each day we visit many websites but most of us don’t know how these websites are made accessible to us. Each and every website that we visit, is hosted on the web server of a web hosting company. These web hosting companies, which are also called web hosts, are responsible for leasing server space to various website owners, along with providing them the services and the technologies that are needed by a website,in order for it to be accessible over the Internet for online viewing. • When one refers to the “Best Windows Hosting Company” or to a “Cloud Hosting Company” or even to “Website Hosting Companies in India”or abroad, one is essentially referring to these website hosting service providers.
Brute Force Attack • It is a cryptographic hack that uses trial-and-error method to guess login information, encryption keys and/or find a hidden web page. It is also known as an exhaustive search. In it the hacker tries to unearth the right password by guessing all possible combinations of the targeted password. Such cyber attacks are called Brute Force Attack as these attacks are done using brute force i.e. forceful attempts are made excessively, to hack the account. The amount of time that will be needed to hack an account can range from a few seconds to years depending on the complexity of the targeted password. Hence, it can be time consuming and difficult to execute if data obfuscation method is used. Despite being an old method, it is effective and popular with hackers even now. Hence, to avert it, it is advisable to make use of a strong password policy.
Hackers’ Gain through Brute Force Attack • Despite the effort that goes into it, hackers benefit in the following ways from a Brute Force Attack: • Hijacking the targeted system for malicious activity • Stealing personal data and important information • Profiting from advertisements and/or collected data of activities • Spreading malware to cause disruptions • Ruining the targeted website’s reputation
1-800-123 -8156 Whoa! That’s a big number, aren’t you proud?
Aim of Brute Force Attack • It aims to fulfil the following purposes, which are mentioned in no particular order: • To steal personal information, such as, passwords, passphrases and other confidential information • To redirect domains to sites holding malicious content • To harvest credentials and then sell those to third-parties • To spread fake content or send phishing links by posing as users • To damage the reputation of the targeted organization
Brute Force Attack Tools In this type of a cyber attack, the attacker has at his disposal automated software that takes the aid of computing to systematically check various password combinations until the correct one is found. To fulfil this purpose, a brute force password cracking application is required. Such an application uses rapid-fire guessing, which creates every possible password and attempts to use it. These kind of software can provide a single dictionary word password within a second. Some of the popular tools for it, are mentioned below: • John the Ripper • Aircrack-ng • RainbowCrack • L0phtCrack
Automated Tools’ Features for Brute Force Attacks These tools have in-built programs that aid in Brute Force Attacks in the following ways: • Allow hackers to crack wireless modems • Decrypt passwords that are in encrypted storage • Translate words and run all possible combinations of characters • Work against many computer protocols, such as, FTP, SMPT, MySQL and Telnet • Identify weak passwords • Execute dictionary attacks.
Types of Brute Force Attack Each of the below mentioned Brute Force Attacks, uses a different method to find confidential data. These types of brute force attacks are mentioned below, in no particular order. • Simple Brute Force Attacks • Dictionary Attacks • Hybrid Brute Force Attacks • Reverse Brute Force Attacks • Credential Stuffing In the following slides the above mentioned brute force attacks are explained in brief.
Simple Brute Force Attacks In it hackers attempt to logically guess the user’s credentials. It doesn’t take the help of software tools or other means. Extremely simple passwords and PINs can be unearthed in this way.
Dictionary Attacks When a hacker chooses a target and runs a list of possible passwords against that username, it is known as a dictionary attack. Dictionary attacks are the most basic form of brute force attacks. Despite being cumbersome, these are used very frequently as an important tool for discovering passwords.
Hybrid Brute Force Attacks In this kind of hacking, a hacker combines outside aids with his guesswork in an attempt to make the cyber attack successful. As the name suggests, it is hybrid in form and usually makes use of dictionary and brute force attacks. This kind of a cyber attack is used to unearth passwords that combine common words with random characters.
Reverse Brute Force Attacks In reverse brute force attack, the attack strategy is reversed by starting with a known password. Next, the hackers search numerous usernames, until a match is found. Most of these cyber criminals start with leaked passwords, which are available online due to past data breaches.
Credential Stuffing This kind of brute force attack happens when a known username and password pairis used by the hacker to gain access to other websites and network resources. To avoid becoming a victim of it, precautions should be taken, such as using two-factor authentication and using different passwords for different network resources.
Protection against Brute Force Attacks • The following measures can ensure considerable protection against brute force attacks: • Implementing captcha • Increasing password complexity • Increasing password length • Using multi-factor authentication • Limiting login attempts
Conclusion A brute force attack, which is also known as brute force cracking, is one of the many cybercrimes that endanger the security aspect of one’s confidential data, such as usernames and passwords. Hence, it becomes extremely crucial to take every precaution to keep at bay as well as foil these kind of cyber attacks.
Thanks! ANY QUESTIONS? www.htshosting.org www.htshosting.org/best-web-hosting-company-India www.htshosting.org/best-windows-hosting www.htshosting.org/best-cloud-hosting-company