In another of our cyber security spotlight blogs we’re taking a look at password attacks to help you understand this particular type of common cyber-attack and how to avoid it.
What is it?
Password attacks can be carried out in many different ways, yet share the same end goal of trying to steal passwords in order to gain access to sensitive information. In this blog post we’re going to run through some of the most common ways in which hackers try to steal passwords. These are brute force attacks, dictionary attacks and key logger attacks. Hackers can also use Man in the Middle attacks to obtain passwords, so check out our previous cyber security spotlight to learn more about this method.
How does it work?
Key logger attacks
A key logger attack is a relatively sophisticated method of trying to steal passwords. It works by the hacker installing software that records a user’s keystrokes. This allows the hacker to gather everything from usernames and passwords, to the website where the information was entered. In this scenario, the hacker needs the user to fall victim to them twice, once to install the software and then again when the password is stolen. It is this type of attack where strong passwords offer the least protection.
Brute force attacks
As the name suggests, a brute force attack simply uses a program to generate likely passwords to try to access someone’s password-protected files. Typically, it will start by trying weak passwords such as password123. This may sound relatively crude, but as long as people continue to dismiss advice around creating strong passwords, this type of attack will continue to be effective for hackers.
Dictionary attacks
A dictionary attack is similar to a brute force attack; however, in this case hackers take advantage of the fact that passwords tend to include common words. As a result, hackers will try combinations of these common words with numbers before or after them in order to find a successful combination.
How can you protect against it?
Key logger attacks aside, it is always beneficial to create a strong password for any applications or websites that you use regularly and that contain sensitive information. A strong password generally requires a mix of upper and lowercase letters, numbers and special characters. Where possible, avoid common words as well, to limit the effectiveness of dictionary attacks.
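The two rules above can be enforced together when a password is set. The check below is an added example, not part of the original post: it tests the character mix and also strips digits and symbols from either end of the password to see whether a common word is left, going slightly beyond the text by undoing simple letter substitutions such as "@" for "a". The short word list, the minimum length of 12 and the substitution table are assumptions made for the example.

```python
import re

# Constructed sample word list (assumption): a real deployment would load a
# large list of common passwords and dictionary words instead.
COMMON_WORDS = {"password", "welcome", "dragon", "monkey", "letmein", "summer"}

# Simple substitutions people use to disguise a dictionary word (assumption).
LEET = str.maketrans("01345@$!", "oleasasi")

# The character classes the post lists for a strong password.
CLASSES = {
    "lowercase letter": r"[a-z]",
    "uppercase letter": r"[A-Z]",
    "number": r"\d",
    "special character": r"[^A-Za-z0-9]",
}


def dictionary_core(password):
    """Return the common word hidden in the password, or None.

    Removes digits and symbols from both ends (the "numbers before or
    after" pattern), lowercases the rest and undoes simple substitutions.
    """
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", password).lower()
    for candidate in (core, core.translate(LEET)):
        if candidate in COMMON_WORDS:
            return candidate
    return None


def check_password(password, min_length=12):
    """Return the reasons a password is weak; an empty list means accepted.

    min_length is an assumed policy value, not a figure from the post.
    """
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, password):
            problems.append(f"missing {name}")
    word = dictionary_core(password)
    if word:
        problems.append(f"common word '{word}' with digits/symbols added")
    return problems
```

A password such as P@ssw0rd2024! passes every character-mix rule and is still rejected here, because the word underneath is one a dictionary attack will try.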
As a business, it is also very important to make sure your staff are educated about the types of password attacks out there and are aware of the social engineering tactics hackers may also use to try to get users to disclose passwords via email or over the phone.
On top of this, it is always advisable to back up strong passwords with functionality such as two-factor or multi-factor authentication and single sign on (SSO). Single sign on helps eliminate passwords altogether by allowing employees to use one set of credentials to log in to all their apps and websites. On the other hand, multi-factor authentication requires an additional piece of information, such as a PIN, in order to log in to key sites and apps.
Previous examples of password attacks…
Arguably the largest brute force password attack to happen in recent years affected GitHub. This attack also proved to be quite successful, as not just one account was compromised but several. During the attack, experts were able to identify brute force login attempts from over 40,000 unique IP addresses, which demonstrates the scale these kinds of attack can take. Read about even more examples of brute force password attacks here.
So, there you have it, a mini overview of password attacks and how to avoid them. If you think your business needs better cyber security don’t rest on your laurels, contact our team today.