A Brute Force attack is defined as a trial and error method used to decode encrypted data such as passwords through exhaustive effort (using brute force) rather than employing intellectual strategies.
Basically, attackers slam your site repeatedly in hopes of guessing your username and password to gain access.
We’ve seen a marked increase in these types of attacks on our clients' websites in the last few years. We see hundreds of failed login attempts per day on the sites we secure. Sucuri (the security monitoring service we use) sees thousands per minute and has put out a report detailing the rise in Brute Force attacks since the beginning of 2015: https://sucuri.net/security-reports/brute-force/.
It’s an interesting read, but this graphic is simply startling:
What’s the takeaway here?
- Keep your login page tight with a strong password.
- Continually monitor for any breach.
- Consider limiting brute force attacks with a login limiter or server-side limits.
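
One way to build the login limiter from the last takeaway, shown as an added example rather than code from the original post or from any product it mentions. The class and function names, the thresholds, and the sample events (documentation-range IP addresses) are all assumptions made for illustration.

```python
from collections import defaultdict, deque

class LoginLimiter:
    """Sliding-window limiter for failed logins, keyed by source IP and by username."""
    def __init__(self, max_failures=5, window=300, lockout=900):
        self.max_failures = max_failures     # failures tolerated inside the window
        self.window = window                 # seconds over which failures are counted
        self.lockout = lockout               # seconds a key stays blocked once tripped
        self._failures = defaultdict(deque)  # key -> timestamps of recent failures
        self._blocked_until = {}             # key -> time at which the block expires

    @staticmethod
    def _keys(ip, username):
        # Track both: one IP guessing many accounts, and many IPs guessing one account.
        return (("ip", ip), ("user", username.lower()))

    def is_blocked(self, ip, username, now):
        return any(self._blocked_until.get(k, 0) > now for k in self._keys(ip, username))

    def record_failure(self, ip, username, now):
        for key in self._keys(ip, username):
            recent = self._failures[key]
            recent.append(now)
            while recent and recent[0] <= now - self.window:
                recent.popleft()             # drop failures that fell out of the window
            if len(recent) >= self.max_failures:
                self._blocked_until[key] = now + self.lockout
                recent.clear()

    def record_success(self, ip, username):
        # A correct login clears the account's failure history, not the IP's.
        self._failures.pop(("user", username.lower()), None)

def replay(events, limiter):
    """Feed (time, ip, username, password_ok) tuples through the limiter; return decisions."""
    decisions = []
    for now, ip, username, password_ok in events:
        if limiter.is_blocked(ip, username, now):
            decisions.append("blocked")      # rejected before the password is checked
        elif password_ok:
            limiter.record_success(ip, username)
            decisions.append("ok")
        else:
            limiter.record_failure(ip, username, now)
            decisions.append("failed")
    return decisions

# Constructed sample: six bad guesses from one address, then logins from another.
SAMPLE = [(t, "203.0.113.7", "admin", False) for t in range(0, 60, 10)] + [
    (70, "198.51.100.4", "admin", True), (80, "198.51.100.4", "editor", True),
    (941, "198.51.100.4", "admin", True)]
```

In the sample, the legitimate `admin` login at t=70 is refused because the per-username lock is still active, which is the cost of locking accounts as well as addresses. Dropping the username key removes that lockout risk but lets guesses spread across many addresses go uncounted.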