Stronger and more frequent brute force attacks are now the norm
The number and intensity of brute force attacks – such as those which targeted the UK and Scottish Parliaments last year – have increased dramatically over the first half of this year, according to new research from leading cyber security specialist Foregenix.
Its analysis of data from more than 500 websites globally shows that, apart from a dip in February, large-scale attacks have followed an upward trend over the first half of the year. May and June registered four attacks daily, while the previous three months never recorded more than one attack a day.
The intensity of attacks also stepped up, with the number of very large brute force attacks – defined as more than 30,000 malicious requests in a 10-minute period – ending on an unprecedented high of over 1.5 attacks daily after starting the year at half that level.
In a brute force attack, cyber criminals use automated software such as botnets to make multiple guesses about possible passwords to gain access to data or personal details.
Benjamin Hosack, Chief Commercial Officer at Foregenix, comments: 'Brute force attacks were once an occasional occurrence – typically we would see around one every three months or so. This data confirms what we are seeing on the ground. There is a very clear upward trend, not only in the frequency but also the intensity. Automated massive attacks are now the norm.
'Hackers are targeting organisations of all types in the public and private sectors. Smaller firms are seen as prime targets as their servers are often more vulnerable and, once breached, they can be used to launch new automated attacks that appear to come from a legitimate source.'
Hosack recommends that organisations strengthen their defences, for example by enforcing complex passwords, using challenge-response tests such as solving a simple maths problem, and locking accounts after a specific number of incorrect password attempts.
Foregenix CEO Andrew Henwood comments: 'There's little reason to believe the trend will be reversed. The difficulty in catching the cyber criminals, the ease with which they can launch attacks and weak cyber defences, especially in growth areas like the Internet of Things, mean brute force attacks are a long-term issue.
'Organisations need to take action to safeguard valuable data. Following straightforward security procedures can avert a serious incident that could have a devastating impact on a business.'
Foregenix develops cyber security software to detect online hackers, supported by a threat intelligence team operating in 15 countries. Headquartered in the UK, it has offices in the USA, South Africa, Uruguay, Germany and Australia, and it opened a new operation in Brazil this year.
Graphics (please see attachment)
The horizontal axis represents months, starting with 1 January and ending 22 June, the vertical axis is the daily frequency of attacks.
Benjamin Hosack's image caption: "Attacks were far rarer and less intense as little as two years ago, today brute force attacks are just business as usual."
'Large-scale' attacks are defined as having more than 10,000 malicious requests in less than 10 minutes.
The largest brute force attack, recorded in June, was 3,547,074. The size of the average attack from January to June was 55,993.
Foregenix is a leading independent cyber security company dedicated to keeping the world's payment systems secure. With a decade of experience in the payment card industry (PCI), it helps merchants, payment processors and other operators to ensure they are securing their environments effectively whilst complying with industry security standards.
Foregenix works with clients in the Fintech, retail and e-commerce, hospitality, travel and insurance sectors, as well as banks and governments globally. Its specialists are drawn from backgrounds including law enforcement, counterterrorism and digital security.
Foregenix is headquartered in the UK and has offices in Australia, Brazil, Germany, South Africa, Uruguay and the USA, and its consultancy teams operate in more than 15 countries.