Overview
A brute force attack is a method where an attacker tries many possible passwords or keys until one succeeds. It is a simple but effective technique that exploits weak or predictable credentials. Rather than relying on sophisticated exploits, brute force attacks depend on computing power and time to guess logins or decrypt encrypted data.
How It Affects Businesses
For organisations, brute force attacks can lead to unauthorised access to user accounts, administrative consoles, or cloud services. Once attackers gain entry, they can steal data, deploy malware, or escalate privileges. The risk is higher when systems use weak passwords, default credentials, or lack account lockout policies.
Common Variants
- Credential stuffing: Uses lists of usernames and passwords leaked from other breaches to attempt logins across other sites.
- Dictionary attacks: Tries common words and variations instead of every possible character combination.
- Hybrid attacks: Combines dictionary words with numbers or symbols to improve success rates.
Defence Measures
Strong defences reduce exposure. Enforce multi-factor authentication and use rate limiting or account lockouts to stop repeated attempts. Deploy monitoring and anomaly detection to spot unusual login patterns. Encourage long, unique passwords and consider password managers and passwordless options for better security.
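
The monitoring described above can be sketched as a sliding-window check over login events. This is an added example, not part of the original page; the thresholds, event format, addresses and usernames are assumptions constructed for illustration. It tracks failures per account (the lockout trigger) and distinct accounts failed per source (the credential stuffing signal, which per-account lockout alone does not catch because each account sees only one failure).

```python
from collections import defaultdict, deque

# Assumed thresholds for illustration; tune to the real login volume.
WINDOW = 60              # seconds of history considered
MAX_FAILS_PER_USER = 5   # lockout trigger: failures against one account
MAX_USERS_PER_IP = 3     # stuffing signal: distinct accounts failed from one source

def analyse(events):
    """events: (ts, src_ip, username, ok) tuples sorted by ts.
    Returns (accounts_to_lock, suspicious_sources)."""
    by_user = defaultdict(deque)   # username -> timestamps of recent failures
    by_ip = defaultdict(deque)     # src_ip -> (ts, username) of recent failures
    lock, sources = set(), set()
    for ts, ip, user, ok in events:
        if ok:
            by_user[user].clear()  # a successful login resets the account counter
            continue
        fails = by_user[user]
        fails.append(ts)
        while fails and ts - fails[0] > WINDOW:
            fails.popleft()        # drop failures older than the window
        if len(fails) >= MAX_FAILS_PER_USER:
            lock.add(user)
        seen = by_ip[ip]
        seen.append((ts, user))
        while seen and ts - seen[0][0] > WINDOW:
            seen.popleft()
        if len({u for _, u in seen}) >= MAX_USERS_PER_IP:
            sources.add(ip)
    return lock, sources

# Constructed sample events (documentation IP ranges, made-up usernames).
SAMPLE = (
    # Repeated guesses against one account from one source
    [(t, "203.0.113.10", "alice", False) for t in range(0, 12, 2)]
    # One source failing against a different account each time
    + [(20 + i, "198.51.100.7", u, False)
       for i, u in enumerate(["bob", "carol", "dave", "erin"])]
    # Ordinary user: one typo, then a successful login
    + [(30, "192.0.2.44", "frank", False), (35, "192.0.2.44", "frank", True)]
)

if __name__ == "__main__":
    lock, sources = analyse(sorted(SAMPLE))
    print("lock:", sorted(lock))
    print("suspicious sources:", sorted(sources))
```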