With the massive shift to remote work over the past few years, brute force attacks have reemerged as a common threat vector. Attackers are taking advantage of more employees accessing networks from home to blast company logins with credential stuffing and automated brute force tools.
Brute force attacks involve an attacker trying every possible password combination to guess user credentials. This outdated yet persistent technique can provide access to accounts, networks, databases, and other systems protected by a password.
Modern brute forcing is often powered by botnets running sophisticated password-cracking scripts. By distributing the workload, millions of login attempts can be thrown at a target website or remote access portal. Credential stuffing takes advantage of passwords leaked in prior breaches being reused on other sites.
According to recent reports brute force RDP attacks increased significantly worldwide since 2020 as remote work expanded attack surfaces. Organizations like Cathay Pacific and government bodies have fallen victim to large-scale brute forcing.
Here are some tips to safeguard your remote workforce:
- Implement strong password policies and multifactor authentication for all remote access and VPNs. This includes rate-limiting login attempts.
- Monitor logs for sudden spikes in failed logins from particular IP addresses. Block sources exceeding thresholds.
- For remote desktop services, utilize tools like Microsoft’s Account Lockout Policy to lock accounts after 10 failed login attempts.
- Use a VPN for all remote access with additional identity verification. Require device certificates on VPNs.
- Educate employees on using password managers and unique complex passwords for every account.
- Update remote access services and operating systems regularly to close vulnerabilities.
With the broad adoption of remote work, organizations must reevaluate their authentication policies and monitoring to deter brute-force attacks. Though unsophisticated, automated brute-forcing at scale can still overwhelm defenses. Placing common-sense barriers makes your team less susceptible to this old-school attack technique.