Danger: Getting Attacked with Brute Force

Alert Logic, an on-demand IT network security company dedicated to small and mid-sized businesses, has detected a dramatic spike in the number of “brute force” attacks on its SMB customer base. A particularly dangerous threat, brute force attacks are targeted against specific companies in which the attacker tries various ways to break into a company’s private network, continuing until a breakthrough occurs. Brute force attacks have a high success rate against companies with lax IT security measures and the inability to properly detect the attacks as they are happening.
Brute force attacks can be defended against through constant surveillance, up-to-date threat detection technology, quick reaction time to any security alerts, and the setting and maintaining of rigorous security policies. While many SMBs currently spend a great deal on IT security, they are still vulnerable to these attacks because most only have firewall and antivirus technology deployed, and most security vendors offer only watered-down versions of expensive enterprise systems requiring maintenance and monitoring that most SMBs simply do not have the resources for.
Alert Logic advises:
1) Brute force is a targeted attack, where many of the other attacks are just shotgun approaches (spam out thousands of emails and hope that one company has weak security or employees that open every attachment. And these are usually one try and done.) Brute force however, is a well designed attack that is aimed at a specific company. It sets its sites on a specific network and is programmed to keep attacking specific points. IE: ongoing random password/encryption tries until one works.
Brute force attacks are very sophisticated and dangerous. And they are targeted. That is one of the main differences.
2) Pretty much any brute force attack is as dangerous as any other. Really depends on the security measures a company is taking., ie: a company who has secured their database with weak encryption is in danger of being easily beaten by a brute force attack.
3) Actually, there are several methods to protect against brute force attacks. Good threat detection will pick up on an attack becuase there is a pattern to a brute force attack that can be seen. Constant surveillance of a network is another (that technology is available.) React quickly when you see one attack (waiting around to fortify the walls just gives the attack more time to succeed.) And put some serious security policies in place. Passwords of 1-2-3-4-5 or a standard name are pretty much asking for trouble.


About Ramon Ray

Ramon Ray, Marketing & Technology Evangelist, Smallbiztechnology.com & Infusionsoft. Full bio at http://www.ramonray.com . Check him out on Google Plus, Twitter or Facebook