Brute Force


In the context of cybersecurity, a brute force attack is a method that systematically and exhaustively tries candidate values for a password, encryption key, or login credential until the correct one is found. Each candidate is submitted to the target (or, when the attacker holds a stolen password hash, checked locally) and discarded until one matches.

This method is often treated as a last resort because it is time-consuming and computationally intensive. With modern computing power and large lists of commonly used and previously leaked passwords, however, it can be very effective, especially against systems that lack controls such as account lockout or rate limiting. The distinction that matters most to defenders is where the guessing happens: an online attack submits guesses to a live login endpoint, where lockout and rate limiting apply, while an offline attack checks guesses against a stolen password hash at whatever speed the attacker's hardware allows.

There are several variations of brute force attacks:

  • Simple Brute Force: Trying every single combination of characters from a defined set (e.g., all lowercase letters, numbers, and special characters) until the correct one is found.

  • Dictionary Attack: A more refined version that uses a list of common words, phrases, and previously leaked passwords as its candidate list. Because real passwords cluster heavily around such values, this finds weak passwords in a small fraction of the attempts a simple brute force would need.

  • Hybrid Attack: This combines a dictionary attack with a simple brute-force attack, attempting common words and phrases and then adding numbers or special characters to them.

The primary defenses against brute force attacks are multi-factor authentication (MFA), so that a guessed password alone is not enough to log in; account lockout or rate limiting after a set number of failed login attempts, which bounds how many online guesses an attacker gets; and password policies that require a minimum length and a mix of character types, which enlarge the keyspace a simple brute force must search.
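The three attack variants and the lockout defense described above, as an added example that is not part of the original page or of ThreatNG's product. It uses a constructed salted SHA-256 hash as the offline target (a stand-in for illustration; a real system should store passwords with a slow, memory-hard KDF) and a constructed wordlist; the mangling rules in the hybrid attack (capitalization, a year, a trailing special) are one common pattern, chosen as an assumption. The same wordlist is then run against a simulated online endpoint to show how an account-lockout policy caps the attacker's guesses.

```python
import hashlib
import itertools
import string

# Constructed salt: the attacker is assumed to have stolen both hash and salt.
SALT = b"example-salt"


def hash_password(password: str, salt: bytes = SALT) -> str:
    """Salted SHA-256 stand-in for a stored password hash (illustration only)."""
    return hashlib.sha256(salt + password.encode()).hexdigest()


def keyspace_size(alphabet: str, max_len: int) -> int:
    """Worst-case number of candidates a simple brute force must try."""
    return sum(len(alphabet) ** n for n in range(1, max_len + 1))


def simple_brute_force(target: str, alphabet: str, max_len: int):
    """Try every string over `alphabet` up to max_len, shortest first.
    Returns (recovered_password_or_None, attempts_made)."""
    attempts = 0
    for n in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=n):
            attempts += 1
            guess = "".join(combo)
            if hash_password(guess) == target:
                return guess, attempts
    return None, attempts


def dictionary_attack(target: str, wordlist):
    """Try only the words in the list, in order of assumed likelihood."""
    for attempts, word in enumerate(wordlist, 1):
        if hash_password(word) == target:
            return word, attempts
    return None, len(wordlist)


def hybrid_candidates(wordlist, years, specials):
    """Yield each word with common mangling rules applied (assumed rules)."""
    for word in wordlist:
        for base in (word, word.capitalize()):
            yield base
            for year in years:
                yield f"{base}{year}"
                for special in specials:
                    yield f"{base}{year}{special}"


def hybrid_attack(target: str, wordlist, years, specials):
    """Dictionary words plus appended digits/specials, as in a hybrid attack."""
    attempts = 0
    for guess in hybrid_candidates(wordlist, years, specials):
        attempts += 1
        if hash_password(guess) == target:
            return guess, attempts
    return None, attempts


class LockoutLogin:
    """Constructed online login endpoint with an account-lockout policy."""

    def __init__(self, password: str, max_failures: int = 5):
        self.target = hash_password(password)
        self.max_failures = max_failures
        self.failures = 0
        self.locked = False

    def login(self, guess: str) -> str:
        if self.locked:
            return "locked"
        if hash_password(guess) == self.target:
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= self.max_failures:
            self.locked = True
        return "fail"


def online_dictionary_attack(endpoint: LockoutLogin, wordlist):
    """Same wordlist, but every guess hits the endpoint, so lockout ends it.
    Returns (password_or_None, attempts_made, was_locked_out)."""
    for attempts, word in enumerate(wordlist, 1):
        if endpoint.login(word) == "ok":
            return word, attempts, False
        if endpoint.locked:
            return None, attempts, True
    return None, len(wordlist), False


if __name__ == "__main__":
    alphabet = string.ascii_lowercase + string.digits
    words = ["password", "123456", "welcome", "summer", "letmein"]  # constructed
    print("keyspace, len<=3:", keyspace_size(alphabet, 3))
    print("simple:", simple_brute_force(hash_password("ab1"), alphabet, 3))
    print("dictionary:", dictionary_attack(hash_password("summer"), words))
    print("hybrid:", hybrid_attack(hash_password("summer2024!"), words,
                                   ["2023", "2024"], ["!", "#"]))
    print("online:", online_dictionary_attack(LockoutLogin("summer", 3), words))
```

The offline functions report how many hashes had to be computed, which makes the gap between the variants concrete: the simple search pays for every string in the keyspace, the dictionary pays one hash per likely word, and the hybrid pays a small multiple of that. Against the online endpoint the same dictionary stops after three failures, which is the whole point of a lockout threshold.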

ThreatNG is an external attack surface management, digital risk protection, and security ratings solution that helps organizations manage Brute Force risk by identifying and assessing the publicly available information an attacker would use to launch such an attack. It provides an outside-in view of an organization's digital footprint, enabling the identification of potential weaknesses.

ThreatNG’s Role in Managing Brute Force Risk

External Discovery

ThreatNG performs purely external, unauthenticated discovery to find public-facing assets that attackers could target with brute force attacks. This matters for brute force risk because it produces an inventory of the exposed login surfaces and the identifiers (usernames, email addresses) an attacker would pair with password guesses. ThreatNG's discovery capabilities include:

  • Online Sharing Exposure: ThreatNG identifies organizational entities on platforms such as Pastebin, GitHub Gist, Scribd, and others.

  • Archived Web Pages: It identifies archived content from the organization's online presence, including emails, usernames, admin pages, and other sensitive files.

  • Search Engine Exploitation: It helps users investigate an organization’s susceptibility to exposing sensitive information via search engines.

  • Subdomain Intelligence: This module analyzes subdomains for various factors, including HTTP responses, header analysis, cloud hosting, and open ports, and checks for remote access services such as SSH, RDP, and VNC.

  • Domain Intelligence: This module performs a comprehensive analysis of a website's subdomains, DNS records, and SSL certificate statuses. It also includes Email Intelligence that finds harvested emails.

Example of ThreatNG Helping: ThreatNG's discovery capabilities would find employee usernames and email addresses archived on a public web page. An attacker could use these as the account names to target in a brute force attack, leaving only the password to guess.

External Assessment

ThreatNG assesses the risk of the newly discovered assets to provide context and prioritization. Its assessments directly relate to brute force risk.

  • Data Leak Susceptibility: This score is derived from external attack surface and digital risk intelligence based on Cloud and SaaS Exposure, Dark Web Presence (Compromised Credentials), Domain Intelligence, and Sentiment and Financials. If an organization's credentials or other sensitive information are found on the dark web, the leaked passwords can be replayed directly and also seed dictionary attacks against other accounts, so both data leak and brute force risk increase.

  • BEC & Phishing Susceptibility: This score is derived from Sentiment and Financials Findings; Domain Intelligence, which includes DNS Intelligence capabilities such as Domain Name Permutations and Web3 Domain availability and usage, and Email Intelligence that provides email security presence and format prediction; and Dark Web Presence, including Compromised Credentials. It measures how vulnerable an organization is to BEC and phishing, the social engineering attacks that most often lead to credential compromise and the brute force activity that follows it.

  • Breach & Ransomware Susceptibility: This score is derived from external attack surface and digital risk intelligence, which includes domain intelligence (exposed sensitive ports, exposed private IPs, and known vulnerabilities), dark web presence (compromised credentials and ransomware events and gang activity), and sentiment and financials (SEC Form 8-Ks). Credentials found on the dark web are a direct indicator of increased susceptibility to breaches and ransomware, and those same credentials feed brute force attacks against the exposed services.

Example of ThreatNG's Help: ThreatNG's external assessment capabilities would identify employee usernames and email addresses on the dark web. This would increase the "Data Leak Susceptibility" score and serve as an indicator of an organization's vulnerability to brute force.

Reporting

ThreatNG's reports, which include Executive, Technical, and Prioritized (High, Medium, Low, and Informational), are essential for communicating the state of the organization's brute force risk. The reports detail the findings, their associated risks, and the specific exposures found.

Example of ThreatNG Helping: A technical report from ThreatNG would show that an organization has a high "Data Leak Susceptibility" score due to compromised credentials on the dark web. The report would then provide recommendations for mitigating these risks.

Continuous Monitoring

ThreatNG continuously monitors an organization's external attack surface, digital risk, and security ratings. This is crucial for managing brute force risk because it ensures that the organization's inventory of public-facing assets is always up to date. As new assets are added, ThreatNG automatically discovers and assesses them, preventing them from becoming blind spots.

Example of ThreatNG Helping: An organization's employee email addresses and usernames are found on a new public paste site. ThreatNG's continuous monitoring would detect this new exposure and flag it as a potential brute force risk.

Investigation Modules

ThreatNG's investigation modules allow for a deep-dive into specific areas of the attack surface, which is vital for understanding brute force risk.

  • Domain Intelligence: This module is crucial for assessing the risk of brute force attacks. Its Email Intelligence capability finds harvested emails and analyzes a domain's email security presence.

  • Dark Web Presence: The Dark Web Presence module identifies compromised credentials and mentions of organizations on the dark web. If employee email addresses or credentials are found on the dark web, it significantly increases the risk of brute force attacks.

  • Archived Web Pages: This module finds archived emails and other information that attackers could use to launch brute force campaigns.

Example of ThreatNG Helping: An investigation using the Dark Web Presence module reveals that a list of compromised credentials includes employee email addresses. This finding helps the security team understand which accounts are exposed and why the organization is susceptible to brute force.

Intelligence Repositories

ThreatNG's intelligence repositories, known as DarCache, provide critical context for assessing the risk of brute force attacks.

  • Compromised Credentials (DarCache Rupture): This repository contains information on compromised credentials. If employee email addresses or credentials are found in a list of compromised credentials, it is a direct indicator of increased risk from brute force attacks.

  • SEC Form 8-Ks (DarCache 8-K): This repository contains information from SEC filings. This information could be used to identify key personnel and organizational changes that could be exploited in a social engineering attack, potentially leading to a brute force attack.

  • Ransomware Groups and Activities (DarCache Ransomware): This repository tracks over 70 ransomware gangs. Information from this repository could be used to identify if an organization is being targeted by a ransomware gang that uses brute force as an initial entry vector.

Example of ThreatNG Helping: DarCache Rupture identifies a list of compromised credentials that includes employee email addresses. This allows the security team to prioritize a password reset for all affected employees and to enhance awareness training against brute force attacks.

Synergies with Complementary Solutions

Other security solutions can complement ThreatNG's external focus on brute force risk.

  • Complementary Solutions: Password Managers and Single Sign-On (SSO) Solutions: ThreatNG's discovery of compromised credentials can be used to justify and enforce the use of password managers and SSO solutions. This enables organizations to securely manage credentials and reduce the risk of password reuse.

  • Complementary Solutions: Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) Platforms: ThreatNG's alerts on newly discovered brute force risks can be ingested by a SIEM for consolidated logging. A SOAR platform can then use these alerts to automate response actions, such as sending a warning to all employees about a new brute force campaign or triggering a workflow to block a newly discovered malicious domain.

  • Complementary Solutions: Identity and Access Management (IAM) Solutions: ThreatNG's discovery of compromised credentials can be used to inform and improve an organization's IAM policies. This enables the organization to force password resets on the exposed accounts and to tighten authentication controls such as MFA enforcement and lockout thresholds, so the same credentials cannot be used against it again.
