The number and intensity of brute force attacks – such as those which targeted the UK and Scottish Parliaments last year – have increased dramatically over the first half of this year, according to new research from leading cyber security specialist Foregenix.
Its analysis of data from more than 500 websites globally shows that, apart from a dip in February, large-scale attacks have followed an upward trend over the first half of the year. May and June registered four attacks daily, while the previous three months never recorded more than one attack a day.
The intensity of attacks also stepped up, with the number of very large brute force attacks – defined as more than 30,000 malicious requests in a 10 minute period – ending on an unprecedented high of over 1.5 attacks daily after starting the year at half that level.
In a brute force attack, cyber criminals use automated software such as botnets to make multiple guesses about possible passwords to gain access to data or personal details.
Benjamin Hosack, Chief Commercial Officer at Foregenix, comments: 'Brute force attacks were once an occasional occurrence – typically we would see around one every three months or so. This data confirms what we are seeing on the ground. There is a very clear upward trend, not only in the frequency but also the intensity. Automated massive attacks are now the norm.
'Hackers are targeting organisations of all types in the public and private sectors. Smaller firms are seen as prime targets as their servers are often more vulnerable and, once breached, they can be used to launch new automated attacks that appear to come from a legitimate source.'
Hosack recommends that organisations strengthen their defences, for example by enforcing complex passwords, using challenge-response tests such as solving a simple maths problem, and applying account lockouts if a password is incorrect on a specific number of attempts.
Foregenix CEO Andrew Henwood comments: 'There's little reason to believe the trend will be reversed. The difficulty in catching the cyber criminals, the ease with which they can launch attacks and weak cyber defences, especially in growth areas like the Internet of Things, mean brute force attacks are a long-term issue.
'Organisations need to take action to safeguard valuable data. Following straightforward security procedures can avert a serious incident that could have a devastating impact on a business.'
The horizontal axis represents months, starting with 1 January and ending 22 June; the vertical axis is the daily frequency of attacks.
Benjamin Hosack's image caption: "Attacks were far rarer and less intense as little as two years ago, today brute force attacks are just business as usual."
'Large-scale' attacks are defined as having more than 10,000 malicious requests in less than 10 minutes.
'Very large-scale' attacks have more than 30,000 malicious requests in less than 10 minutes.
The largest brute force attack, recorded in June, was 3,547,074. The size of the average attack from January to June was 55,993.