The number and intensity of brute force attacks – such as those which targeted the UK and Scottish Parliaments last year – has increased dramatically over the first half of this year, according to new research from leading cyber security specialist Foregenix.
Its analysis of data from more than 500 websites globally show that, apart from a dip in February, large-scale attacks have followed an upward trend over the first half of the year. May and June registered four attacks ddaily while the previous three months never recorded more than one attack a day.
The intensity of attacks also stepped up with the number of very large brute force attacks – defined as more than 30,000 malicious requests in a 10 minute period – ended on an unprecedented high of over 1.5 attacks daily after starting the year at half that level.
In a brute force attack, cyber criminals use automated software such as botnets to make multiple guesses about possible passwords to gain access to data or personal details.
Benjamin Hosack Chief Commercial Officer at Foregenix comments: ‘Brute force attacks were once an occasional occurrence – typically we would see around one every three months or so. This data confirms what we are seeing on the ground. There is a very clear upward trend, not only in the frequency but also the intensity. Automated massive attacks are now the norm.
‘Hackers are targeting organisations of all types in the public and private sectors. Smaller firms are seen as prime targets as their servers are often more vulnerable and, once breached, they can be used to launch new automated attacks that appear to come from a legitimate source.’
Hosack recommends organisations should strengthen their defences, for example by enforcing complex passwords, using challenge response tests such as solving a simple maths problem and accountlockouts if a password is incorrect on a specific number of attempts.
Foregenix CEO Andrew Henwood comments: ‘There’s little reason to believe the trend will be reversed. The difficulty in catching the cyber criminals, the ease with which they can launch attacks and weak cyber defences especially in growth areas like the Internet of Things means brute force attacks are a long-term issue.
‘Organisations need to take action to safeguard valuable data. Following straightforward security procedures can avert a serious incident that could have a devastating impact on a business.’