Brute force and dictionary attacks up 400 percent in 2017
Brute force and dictionary attacks up 400 percent in 2017
Hacking attempts using brute force or dictionary attacks have increased 400 percent in 2017, according to a new report.

The eSentire 2017 Annual Threat Report said that while most of these detections originated from known hosts and were automatically blocked, two thirds of all bruteforce attacks were mitigated using reputation data, compared to just over half of all social engineering attacks

It said that this implied that the infrastructure used in bruteforce attacks is often recycled, whereas social engineering attacks operate from disposable infrastructure. It said its labs had experienced anywhere from 100 to 600 bruteforce and dictionary attempts, coming from 10 to 20 different IP addresses, each hour. It added that the top three usernames attempted were ‘root', ‘admin' and ‘enable'. The top three passwords used were ‘system', ‘sh' and ‘admin'. The top locations from which attacks were launched were China, Brazil and the US.

The report also found that in 2017, nearly 22 percent of phishing attacks were successful with DocuSign, Google, and Outlook 365 are the most prominent and successful lures used in phishing attacks. It said that DocuSign, which accounted for 30 attempts and 14 successes, was the most common attack.

“However, the highest success rate came from lures fashioned after Google and Outlook365 login pages. Facebook, Apple and Dropbox had a high success rate too, but the small sample size (less than 5 attempts) reduces the certainty that these events were representative in cyber-space at large,” said the report.

Attacks on vertical industries

Biotechnology leads other vertical markets in increased number of attacks, showing a 90 percent increase in alerts sent on hostile traffic.

“The finance industry is a likely target for financially-motivated attackers. Due to regulatory requirements, much of the threat surface in the financial industry is becoming hardened and it tends to represent a lower overall volume of hostile traffic than other industries. However, threat actors are constantly trying to find new ways to compromise the financial sector, given the low risk and large potential rewards available,” the report said.

It added that the healthcare industry has received an increased share of the spotlight following the WannaCry outbreak that affected Britain's National Health Services (NHS) in May.

“As critical systems were compromised, hospitals had to cancel thousands of patient appointments. While no cases of harm to patients were reported, the collateral damage caused by WannaCry serves as a reminder that cyber-attacks can carry real world consequences,” said the report.

Home routers an attractive target

Home-based network infrastructure is an attractive target, according to eSentire. It saw a phenomenal growth of attacks against consumer-grade Netgear and Linksys routers. But in a bid to reduce overhead, hosts attempting these exploits did not bother to profile the target prior to launching attacks.

It added that this increase in scanning efficiency comes at a cost, in that scan nodes are more quickly identified and blacklisted.

“However, this fact is irrelevant if disposable infrastructure (such as IoT devices assimilated into a botnet) is used. It is our assumption that the increase in attacks against these devices can be attributed to the perceived value in recruiting devices for attacks, as opposed to leveraging them as potential network entry-points,” said the report.

Will Gragido, director of Advanced Threat Protection at Digital Guardian, told SC Media UK that the uptick in brute force attacks is likely tied to the explosive growth in SaaS delivered and driven platforms, mobile applications, and IoT devices; which have impacted sectors such as industrial, biomedical, commercial, and consumer. 

“The user credentials - login name and passwords - to access these systems are highly sought out quantities so it is no surprise to see an increase in attacks associated with the use of stolen or fraudulently acquired credentials,” he added.

Paul Ducklin, senior technologist at Sophos, told SC media UK that there is no such thing as a 'low value or a 'no value' online account for which it's OK to have a rubbish password. 

“Any time the crooks can figure out one of your passwords, they can show up online as you, misbehave as you, mislead and mistreat your friends in the guise of you, conduct further cyber-crimes as you, and so on. That always ends badly, both for your friends and colleagues, and for you,” he said.

Hiwot Mendahun, cyber-security analyst at Mimecast, told SC Media UK that phishing campaigns continue to evolve and the use of known brands such as Docusign, Google and Outlook 365 are proving a great method for attacker to lure users to providing credentials and click on malicious attachments.
 
“These are all services that employees regularly interact with and there is a high level of trust for these brands and this trust is what attackers can use to get what they want. When you see a message or a website with logos, images and content that you're very familiar you may be less likely to be question the validity,” she said.

“This is why in addition to having multiple layers of security checks on links and attachments within emails we also need to help users become more aware of these threats and get them to stop and think before they click.”