Brute-Force Attacks

/ Action, Blind spots, Blog, Cyber Security, cyber-criminals, Data Security, protection, Ransomware / By

Heads-up people, brute-force attacks are on the rise. Computer networks are being aggressively bombarded with billions of password-guessing attacks as cyber criminals attempt to exploit the growth in remote desktop protocol (RDP) and other cloud services in corporate environments. 

Cybersecurity researchers at ESET detected 55 billion new attempts at brute-force attacks between May and August 2021 alone – more than double the 27 billion attacks detected between January and April. Yes, you read that right, 55 billion with a “B” 😳 Let’s take a look at the common ways people are getting “in” to our computers, phones and systems.

geralt / 23412 images

How Hackers Access Our Information

  • Automated ways to guess our passwords.
    • One of the most popular targets for brute-force password-guessing attacks are RDP services
    • Cyber criminals are also going after public-facing SQL and SMB services. These services will often be secured with default passwords that attackers can take advantage of 
    • Individuals and networks are impacted by these brute-force attacks. Networks must pay special attention when they have a “single sign-on” password to all systems

Ways We Can Strengthen Our Defense

  • Require passwords to be more than a simple one word password (three words preferable; use numbers; and add symbols)
  • Specify the use of multi-factor authentication (MFA). MFA stops the attacker from gaining access by guessing the password. When additional factors of authentication are required, the attacker will not obtain entry without the addition form of verification
  • 99% of hacks have some type of password element, however that password was stolen. Using strong authentication will at least give you a first line of defense

MFA and Two Factor Authentication (2FA)

TechRepublic provides a free whitepaper download explaining how 2FA works. Here is the link to their download: https://www.techrepublic.com/resource-library/whitepapers/secure-your-data-with-two-factor-authentication-free-pdf/

CISA provides a Social Media Cybersecurity guide to MFA here: https://www.cisa.gov/sites/default/files/publications/NCSAM_MFAGuide_2020.pdf

TheDigitalArtist / 7494 images

Turn on 2FA

Many online accounts offer 2FA today. Have you turned on 2FA for these common accounts? After reading these brute-force attack articles this week, I will be updating my accounts 😉

  • Amazon:  following this link
  • Apple: available on IOS 9.0 and later. For those using iOS 10.3 or later, you can enable 2FA on your Apple ID by going to “Settings” > [Your Name] > “Password & Security” > “Two-Factor Authentication.” Turn on 2FA to receive a text message with a code each time you log in. For those using iOS 10.2 or earlier, the settings are under “iCloud” > “Apple ID” > “Password & Security”
  • Dropbox: Dropbox homepage on the web, click your profile avatar and select “Settings,” then go to the “Security” tab. Find “Two-Step Verification,” which will tell you the status of your 2FA. Toggle to turn the feature on and choose to receive 2FA through a text or your authenticator app
  • Facebook: The mobile and desktop versions differ and Facebook tends to change the layouts! Best to check under the Settings and Privacy menu, look for security and login or privacy shortcuts and account security areas
  • Google: The easiest way to turn on 2FA across your Google accounts (e.g., Gmail, YouTube, or Google Maps) is by heading over to the main 2FA landing page and clicking “Get Started”
  • Instagram: Yes, like Facebook, how to enable 2FA is different for the mobile and web. Check Settings, Security and/or Privacy and Security to begin
  • Microsoft: Log in to your Microsoft account and find the “Security settings” menu (there are several ways to get there; click on the link for the easiest). Look for the “Two-step verification” section and click on the setup link
  • PayPal: On the main Summary page, click the gear icon and select the “Security” tab. Look for the section called “2-step verification” and click on the “Set Up” link
  • Slack: Go to the “Account Settings” page to enable 2FA
  • Twitter: On the Twitter mobile app, tap the three-line “hamburger” icon at the top left of the screen and select “Settings and privacy.” Go to “Account” > “Security.” Tap “Two-factor authentication” and follow the directions

There are many more apps out there. If you have difficulty finding one you use, send me a note and I’ll search for you 🙂

Q4 Here We Are!

We’re in Q4 already! This is a great time to look back and see how you’ve done and look forward to build for tomorrow.

After years of working with people and businesses who avoid any advance planning/preparation, it is devastating when the unthinkable happens. Finding ways to make this easier for you to take care of the “necessary” recommended actions is my forte. Before Q4 gets away from you, let’s get you ready to close out the year strong!

Check out my website to learn about me and what I do: https://thelivingplanner.com Have questions, email me: Lynn@thelivingplanner.com

Take care of you –Lynn

#CareForPeople #CareForBusiness #LifeHacks

Scroll to Top