Businesses in the Europe, Middle East and Africa (EMEA) region are most often targeted with brute force attacks, a new report suggests. Brute force is a type of attack in which a hacker tries to guess the password by trying countless combinations until he / she gets it right.
According to the Application Protection Report 2019 issued by F5 Labs, of all the attacks that the company logged in EMEA for last year, almost half (43.5 per cent) were brute force attacks. Canada was close second with 41.7 per cent, while the US (33.3 per cent) and the APAC region (9.5 per cent) followed behind.
Hackers mostly target organisations in the public services sector (50 per cent of all attacks were brute force), followed by financial services (47.8 per cent), healthcare (41.7 per cent) education (27.3 per cent) and service providers (25 per cent).
“Depending on how robust your monitoring capabilities are, brute force attacks can appear innocuous, like a legitimate login with correct username and password,” said Ray Pompon, Principal Threat Research Evangelist, F5 Networks. “Attacks of this nature can be hard to spot because, as far as the system is concerned, the attacker appears to be the rightful user.”
Hackers mostly focus on HTTP form-based authentication, web authentication forms in the browser, Outlook web access, Office 365 and ADFS.
Overall, email is the most targeted service when it comes to brute force attacks.
“While access attack tactics will certainly change as defensive technologies become more advanced, the core principles to stay safe will remain significant for the foreseeable future,” said Pompon.
“To start, make sure your system can at least detect brute force attacks. One of the main challenges is that confidentiality and integrity can sometimes find themselves at odds with availability. It is important to establish reset mechanisms that work for both the organisation and its users. It is not enough to set up some firewall alarms on brute force attempts and take a nap. You have to test monitoring and response controls, run incident response scenario tests, and develop incident response playbooks so that you can react quickly and reliably.”