During the pandemic year, so-called brute-force attacks, i.e. password guessing attempts, became an extremely common weapon used by cyber attackers.
Since the start of the pandemic, ESET has recorded approximately 1.1 billion password cracking attempts in Slovakia. The number of brute-force attacks has thus increased by 988% year-on-year. The data was presented at the ESET Security Days conference by ESET digital security specialist Ondrej Kubovič. All of the aforementioned attempts were detected and prevented by the brute-force attack protection technology that is built into ESET products.
The main cause of the increase in brute-force attacks is the mass shift to the home office, because companies need to connect their employees to internal systems via remote access. These systems often contain sensitive company data or data that is subject to GDPR protection. In the past, such information was not directly accessible from the internet, and it is therefore particularly tempting for attackers.
“Since employees can access corporate systems from home via the Internet, attackers are trying to attack organisations in this way. When attackers guess employee login credentials, they gain access rights as normal corporate users or even as administrators,” explained Ondrej Kubovič during the ESET Security Days conference.
It also plays into the attackers' hands that remote access protocols often do not limit the number of login attempts. This makes the work of password generators easier, especially in the case of weak passwords.
Businesses are also worried about the increasing number of ransomware attacks. The new trend is that this type of attack is increasingly targeted. In addition to encryption, cyber criminals copy sensitive documents, customer data or otherwise valuable data from company systems and then threaten organisations with disclosure.
It is not only corporations that are at risk, but also smaller companies. According to Ľubomír Kopáček, a cyber security expert at GAMO, what is important for criminals is what they can get out of the attack:
“Smaller businesses can often be even more interesting targets than corporations because they are completely unprepared to face ransomware.”
Jaroslav Oster, information security consultant at Info consult, also warned against neglecting security during a discussion at ESET Security Days. In this context, he believes it is essential for employers to train employees and warn them about manipulative techniques of attackers.
“A lot of attacks are based on companies not having educated staff. They don’t know socio-manipulative techniques, they can’t identify phishing, they’ll click on anything that looks interesting. These have been the cases of most of the attacks we have recorded in the past two years,” said Oster.
During the conference, experts also discussed zero-day attacks, advanced persistent threats and the latest technologies that help address these risks. The two-day digital conference was organized by ESET in cooperation with SME Conference on May 19 and 20, 2021. Other renowned experts also spoke, including Rastislav Janota, Director of the National Cyber Security Center SK-CERT, Peter Jankovsky from Axenta, and ESET experts Július Selecky, Robert Lipovsky and Daniel Chromek.
The individual presentations and discussions can be viewed from the recording on this page.