SafeUM

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
21 Nov 2014

How to detect brute force attacks?

Thanks to recent events involving certain celebrities’ stolen pictures, “brute-force attack” is now one of the hot buzzwords making the rounds. As an IT professional, do you know what a brute-force attack is, how to spot one when it happens, and how to prevent it?

A brute-force attack is, simply, an attack on a username, password, etc. that systematically checks all possible combinations until the correct one is found.

Scripts are usually used in these attacks to automate the process of arriving at the correct username/password combination. This is why time is of the essence when it comes to detecting and stopping a brute force attack – the more time the attacker has, the more passwords can be tried. Brute force attacks are one of the few hacks detectable by their volume, rather than their type. In your web (or proprietary app) logs, you’ll usually see a crazy amount of failed login attempts, usually originating from the same IP address.

You might even see the same account logging in over and over with different passwords from different IP addresses. The login URL will show unusually high volume, and you might see odd and/or malformed referring URLs (e.g. http://user:password@website.com/login.html).

In some cases, the attacker might run usernames and/or password attempts sequentially, providing a nice identifiable trend for your host intrusion detection or log correlation systems to pick up. False positives should be considered as well but should be easy to weed out. For instance, multiple login attempts from the same IP trying to access the same account with the same password might just be a web/mobile app that has yet to be updated or was not supplied the correct credentials in the first place.
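The volume patterns and the false-positive case described above can be expressed as a small log-correlation check. This is an added example, not code from the original article or from any product it mentions; the log format, the `pw_fingerprint` field, the thresholds and all sample events are constructed assumptions.

```python
from collections import defaultdict

THRESHOLD, WINDOW = 5, 60  # assumed tuning: failures per key within WINDOW seconds

def sample_log():
    """Constructed events: '<epoch> <src_ip> <user> <pw_fingerprint> <result>'.
    pw_fingerprint is an assumed field (keyed hash of the submitted password)."""
    lines = [f"{1000 + i} 203.0.113.7 user{i} fp{i} FAIL" for i in range(6)]
    lines += [f"{2000 + i} 198.51.100.{i + 1} alice fpA{i} FAIL" for i in range(6)]
    lines += [f"{3000 + 5 * i} 192.0.2.10 bob fpOld FAIL" for i in range(6)]
    lines += ["4000 192.0.2.20 carol fpC OK", "4001 192.0.2.21 dave fpD FAIL"]
    return "\n".join(lines)

def busiest_window(events, window):
    """Return the largest run of events whose timestamps span <= window seconds."""
    events = sorted(events)
    best, start = [], 0
    for end in range(len(events)):
        while events[end][0] - events[start][0] > window:
            start += 1
        if end - start + 1 > len(best):
            best = events[start:end + 1]
    return best

def detect(log, threshold=THRESHOLD, window=WINDOW):
    by_ip, by_user = defaultdict(list), defaultdict(list)
    for line in log.splitlines():
        ts, ip, user, fp, result = line.split()
        if result == "FAIL":
            by_ip[ip].append((int(ts), user, fp))
            by_user[user].append((int(ts), ip, fp))
    alerts = []
    for ip, events in by_ip.items():
        burst = busiest_window(events, window)
        if len(burst) < threshold:
            continue
        # Same account and same password repeated: likely a stale client, not guessing.
        same = len({(user, fp) for _, user, fp in burst}) == 1
        alerts.append(("stale-client" if same else "single-source", ip))
    for user, events in by_user.items():
        burst = busiest_window(events, window)
        ips = {ip for _, ip, _ in burst}
        fps = {fp for _, _, fp in burst}
        # One account, 3+ sources (assumed cutoff), many passwords: distributed guessing.
        if len(burst) >= threshold and len(ips) >= 3 and len(fps) >= threshold:
            alerts.append(("distributed", user))
    return sorted(alerts)

if __name__ == "__main__":
    for kind, key in detect(sample_log()):
        print(kind, key)
```

Comparing password fingerprints rather than logged passwords is what lets the check separate a misconfigured client from real guessing without storing credentials in the log.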

While brute force attacks are not exactly an elegant or complex attack type, they can still slip through the cracks when you lack sufficient visibility into your environment’s security. You need a way to minimize the noise so you can prioritize the most immediate threats and respond to them first. AlienVault Unified Security Management (USM) provides IDS and log correlation powered by built-in correlation rules developed by the AlienVault Labs security research team to notify you immediately when patterns are observed that indicate an attack.

AlienVault USM’s intuitive, easy-to-use alarms dashboard displays threats and categorizes them according to the kill chain taxonomy, starting with the most serious system compromises. The larger the bubble, the more prevalent that type of threat was in the specified time period. By clicking on an individual alarm’s details, you get even more information about the suspect activity.

USM also checks the IP information against our Open Threat Exchange (OTX), the largest crowd-sourced threat intelligence exchange. The alarm details include OTX data on the reputation of the IP, including any malicious activities associated with it.

While these events are being logged, normalized, and supplemented with OTX data, USM is watching out for event patterns that might indicate malicious activity. USM defines these attack patterns through built-in correlation directives that are updated weekly by the AlienVault Labs security research team.

Tags:
brute force information leaks password
Source:
The Hacker News
SafeUM © Safe Universal Messenger
