Brute force attacks refer to repetitive attempts to guess the login credentials of websites' user accounts or administrative backends. By gaining access to a compromised account the attacker may be able to hijack the website, steal valuable data, or alter user-facing content.
As you might expect, guessing a username and password combination can require thousands or millions of attempts before succeeding. For this reason it's not feasible for attackers to carry out a brute force attack by hand; instead they deploy scripts, known as bots, that automatically cycle through combinations day and night until one finally guesses correctly. Compared to other modern cyber attacks, brute force scripts are simplistic, involving no advanced mathematics or A.I., but they nevertheless pose a significant risk to unsecured websites.
At Access Watch we're tracking all types of robotic traffic across our network of websites. Brute force attacks are one of the most common threats to all websites, and the Mars bot is currently the most active of them all! Amazingly, Mars was present on 54% of the total websites plugged into Access Watch in August. That level of activity beats out the bots from common and harmless services like Facebook, Yahoo and Twitter.
What exactly is Mars doing?
Across different websites Mars displays a fairly consistent pattern of behavior. Initially, only 2 to 3 requests are made as it assesses the login form, without the bot carrying out any attempts at username and password combinations. These initial checks are done at scale across a very large volume of websites.
Following the initial probe, Mars will begin to brute force a page's login form. However, not all websites it first visits are targeted for attack: in August, actual Mars attacks were measured on 43% of the total websites it reached. Brute force attempts are spread across hundreds or thousands of IP addresses, with an average of 4 attempts made from one IP before the bot moves on. This strategy is a simplistic attempt by Mars to evade IP blacklists, login security rules and filters.
The brute force attack is sustained for a period of a few hours in most cases. If Mars has failed to guess the correct combination by that point, the bot moves on to its next target.
What happens if you’re hacked by Mars?
Brute force robots are attempting to take over websites or user accounts. By correctly guessing the admin username and password for a website, Mars can immediately adjust user permissions, thereby hijacking the website.
- Alter content & spam – with administrative access the bot may be free to change or alter content and features on your website, severely damaging your brand’s reputation or user experience.
- Steal data – depending on the type of account accessed, private or sensitive data belonging to your company or users can easily be stolen.
- Virus distribution – an attack can be set up to trigger downloads of viruses or malware by your users.
- Redirect – a new URL can be set as the destination for traffic intending to land on your webpage.
Additionally, many people tend to repeat login credentials over multiple websites or applications. The correctly guessed username and password combination can subsequently be used to gain access to additional accounts or websites.
Brute force bots targeting the accounts of your customers or users also pose a significant risk to your business. Private and valuable data is often stolen when a bot forces its way into these accounts. This can include personal identity information, credit card, bank and other payment-related data.
Prevent brute force attacks.
Access Watch provides a security layer against brute force attacks. Threats identified in your website traffic are used to form a complete robot signature. From there, the entire entity is prevented from carrying out its attack. As opposed to simple IP address blacklisting, this method is far more effective in defending against distributed brute force attacks spread over thousands of IP addresses.
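To make concrete why the per-IP pattern described above (a handful of attempts from each of many addresses) slips past a plain IP blacklist, and why grouping the traffic into one signature catches it, here is an added illustration written for this post. It is not Access Watch's code or data: the access log lines, the `/login` path, the `401` failure status, the IP ranges and the user-agent strings are all constructed, and the "signature" is reduced to a single feature (the user agent) purely to show the idea. The constructed log has 60 bot addresses posting 4 failed logins each, plus one human who fails twice and then succeeds.

```python
"""Distributed login brute force: per-IP rule vs. entity signature.

Added example for this article; all log data below is constructed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Apache/Nginx "combined" log format (constructed sample lines, see below).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"
BOT_UA = "Mozilla/5.0 (compatible; example-bot/1.0)"        # constructed
USER_UA = "Mozilla/5.0 (X11; Linux x86_64) Firefox/100.0"    # constructed


def _fmt(ip, ts, method, path, status, ua):
    return f'{ip} - - [{ts.strftime(TS_FMT)}] "{method} {path} HTTP/1.1" {status} 512 "-" "{ua}"'


def build_sample_log():
    """Constructed access log: 60 bot IPs (TEST-NET-3 range) each post 4 failed
    logins, spread over about two hours, mimicking the few-attempts-per-IP
    pattern; plus one human (TEST-NET-2) who fails twice, then succeeds."""
    lines = []
    start = datetime(2017, 8, 15, 2, 0, 0, tzinfo=timezone.utc)
    for i in range(60):
        ip = f"203.0.113.{i + 1}"
        for j in range(4):
            ts = start + timedelta(minutes=2 * i, seconds=15 * j)
            lines.append(_fmt(ip, ts, "POST", "/login", 401, BOT_UA))
    human = "198.51.100.7"
    t0 = start + timedelta(minutes=30)
    lines.append(_fmt(human, t0, "POST", "/login", 401, USER_UA))
    lines.append(_fmt(human, t0 + timedelta(seconds=20), "POST", "/login", 401, USER_UA))
    lines.append(_fmt(human, t0 + timedelta(seconds=40), "POST", "/login", 200, USER_UA))
    return lines


def parse_failed_logins(lines, path="/login"):
    """Return (timestamp, ip, user_agent) for every failed POST to the login path.
    Assumption for this example: the application answers a bad login with 401."""
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and m["method"] == "POST" and m["path"] == path and m["status"] == "401":
            events.append((datetime.strptime(m["ts"], TS_FMT), m["ip"], m["ua"]))
    return events


def per_ip_offenders(events, threshold=5, window=timedelta(hours=1)):
    """Classic blacklist rule: an IP is an offender after `threshold` failures
    inside any `window`. Returns the set of offending IPs."""
    by_ip = defaultdict(list)
    for ts, ip, _ in events:
        by_ip[ip].append(ts)
    offenders = set()
    for ip, times in by_ip.items():
        times.sort()
        for i in range(len(times)):
            j = i
            while j < len(times) and times[j] - times[i] <= window:
                j += 1
            if j - i >= threshold:
                offenders.add(ip)
                break
    return offenders


def campaign_signatures(events, min_ips=20, max_per_ip=5):
    """Aggregate failures by a shared trait (here just the user agent) instead
    of by IP. One entity spread over many addresses, each making only a few
    attempts, stands out here while staying invisible to the per-IP rule.
    Returns {user_agent: {"distinct_ips": n, "failures": n, "span_hours": h}}."""
    per_ua_ip = defaultdict(lambda: defaultdict(int))
    first_last = {}
    for ts, ip, ua in events:
        per_ua_ip[ua][ip] += 1
        lo, hi = first_last.get(ua, (ts, ts))
        first_last[ua] = (min(lo, ts), max(hi, ts))
    flagged = {}
    for ua, ips in per_ua_ip.items():
        if len(ips) >= min_ips and max(ips.values()) <= max_per_ip:
            lo, hi = first_last[ua]
            flagged[ua] = {
                "distinct_ips": len(ips),
                "failures": sum(ips.values()),
                "span_hours": round((hi - lo).total_seconds() / 3600, 2),
            }
    return flagged


if __name__ == "__main__":
    evts = parse_failed_logins(build_sample_log())
    print("per-IP offenders:", per_ip_offenders(evts))        # empty: 4 < 5
    print("campaigns:", campaign_signatures(evts))           # the bot UA only
```

Run as a script it shows the per-IP rule catching nobody (every bot address stops at 4 failures, below the threshold of 5) while the aggregated view flags one entity behind 60 addresses and 240 failures over two hours; the human who fumbled a password twice is not flagged by either rule. A production signature would combine far more than the user agent (request shape, timing, form fields, TLS fingerprint), since a real bot can rotate that string as easily as it rotates IPs; the single-feature grouping here is only meant to show the difference between blocking addresses and blocking the entity.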
Brute force bots are a threat to nearly all websites today. At Access Watch, we’re happy to help. Sign up now and start efficiently blocking these attacks. Let us know what you think!