In one of our articles, What is a brute force attack, we gave you an overview of what a brute force attack is: a “forceful” attempt to access a file, account, or network, whether it is authorized or unauthorized access. Here, we will further classify the different types of brute force attacks, when they are used, and how they are done.
Types of Brute Force Attacks
- Dictionary Attack
A dictionary attack is when a hacker uses sets of password combinations that are related to you. If your basic personal information is known, such as your name, date of birth, and address, these are the combinations that will be used to try to get into your account(s). Favourite books, authors, and singers are also used as password combinations to try to get access (this information is visible if shared, say, through social media platforms).
Another thing attackers take note of is what happens when a platform prompts users to change their password after a given time (for example after 30 days or after 90 days): users simply tweak the old one, for example by adding 1 or 2, so they can keep their old passwords without having to remember another one. So attackers will also try these combinations along with a past password you may have used.
- Simple Brute Force Attack
In contrast to a dictionary attack, a simple brute force attack uses random password combinations (all possible combinations) that are commonly used.
- Hybrid Brute Force Attack
This is a combination of simple and dictionary brute force attacks. It uses password combinations linked to you, your personal information, and your preferences. This time, attackers attempt different sequences of characters along with them (e.g. yourfavoritebook5, yourfavoriteauthor310).
- Reverse Brute Force Attack
Instead of guessing the password, this attack tries to guess the account holder’s username. For example, it uses “password” as the default password and then guesses different usernames.
- Credential Stuffing
Credential stuffing attacks reuse passwords/login credentials that have successfully gotten through in previous attempts (e.g. within a company’s logins or accounts).
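On the defending side, these types can be told apart in failed-login records by how many usernames and passwords a single source cycles through. The sketch below is an added example, not code from the original article; the record layout (source, username, keyed password fingerprint), the key, the threshold, the labels and the sample rows are all constructed assumptions.

```python
import hashlib
import hmac
from collections import defaultdict

LOG_KEY = b"constructed-demo-key"  # assumption: a server-side secret, never logged

def fingerprint(password: str) -> str:
    """Keyed hash so the log can compare guesses without storing them."""
    return hmac.new(LOG_KEY, password.encode(), hashlib.sha256).hexdigest()[:12]

def classify(failures, threshold=5):
    """Label each source of failed logins by the shape of its guesses (heuristic)."""
    by_source = defaultdict(list)
    for source, username, pw_fp in failures:
        by_source[source].append((username, pw_fp))
    labels = {}
    for source, attempts in by_source.items():
        users = {u for u, _ in attempts}      # distinct usernames tried
        passwords = {p for _, p in attempts}  # distinct password fingerprints
        if len(attempts) < threshold:
            labels[source] = "below threshold"
        elif len(users) == 1 and len(passwords) >= threshold:
            labels[source] = "password guessing against one account"
        elif len(passwords) == 1 and len(users) >= threshold:
            labels[source] = "reverse brute force"
        elif len(users) >= threshold and len(passwords) >= threshold:
            labels[source] = "credential stuffing pattern"
        else:
            labels[source] = "mixed"
    return labels

def sample_failures():
    """Constructed failed-login rows using documentation-only IP ranges."""
    rows = []
    for guess in ["favoritebook", "favoritebook1", "favoritebook2",
                  "favoritebook5", "favoriteauthor", "favoriteauthor310"]:
        rows.append(("192.0.2.10", "alice", fingerprint(guess)))
    for user in ["alice", "bob", "carol", "dave", "erin", "frank"]:
        rows.append(("198.51.100.7", user, fingerprint("password")))
    for i in range(6):
        rows.append(("203.0.113.5", f"user{i}", fingerprint(f"leaked-pair-{i}")))
    rows.append(("192.0.2.99", "bob", fingerprint("honest-typo")))
    return rows

if __name__ == "__main__":
    for source, label in sorted(classify(sample_failures()).items()):
        print(f"{source:15} {label}")
```

Dictionary, simple and hybrid attacks all look the same at this level (one account, many passwords), so the first label covers all three; a real deployment would also group by time window rather than over the whole log.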