By Rajat Bhargava Posted July 15, 2015
We often hear about thefts that are called “smash and grab” jobs. A thief (not a particularly skilled one) breaks into a jewelry store, smashes some glass cases, and grabs the jewelry.
“Smash and Grab” for the Internet Age
Can the same style of low-skill theft happen online? Yes. We call these brute force attacks. They aren’t particularly elegant, but unlike thefts in the offline world, they happen every minute of every day and at massive scale.
As soon as any server comes online, it is bombarded with attacks. If your server isn’t patched and locked down, that server will be compromised within a matter of minutes. Unfortunately, it happens all too often. We know this because there are so many bots run from compromised machines.
How Brute Force Attacks Work
These “smash and grab” attacks are largely focused on checking for default passwords and open ports with vulnerable services. The bots will try a variety of username and password combinations to see if one of them lets them in. Often they will use root or common names/words. These are generally called dictionary attacks as well.
Once they find a username that can work, they will start trying a variety of password combinations. As bots check for open ports, they will also look for specific services, and if they find an outdated version, they can use a specific exploit to gain access to the machine. Either method is viable if the machine owners haven’t done their homework in protecting the device.
Once a hacker is in and has your credentials, they have the keys to the kingdom. They will move from machine to machine and look for the core data that they want to steal. Most IT admins don’t see this happening to them, but it just takes one lapse for a machine to be compromised.
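The pattern described above is visible in a server's authentication log. The following is an added example, not part of the original post, that assumes the attacked service is OpenSSH and uses its standard log message format; the sample lines, the `analyze` function and the five-failure threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in OpenSSH's auth-log message format (not real traffic).
SAMPLE_LOG = """\
Jul 15 10:00:01 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jul 15 10:00:02 web1 sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40118 ssh2
Jul 15 10:00:03 web1 sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 40121 ssh2
Jul 15 10:00:04 web1 sshd[2107]: Failed password for invalid user oracle from 203.0.113.7 port 40125 ssh2
Jul 15 10:00:05 web1 sshd[2109]: Failed password for deploy from 203.0.113.7 port 40130 ssh2
Jul 15 10:00:06 web1 sshd[2111]: Accepted password for deploy from 203.0.113.7 port 40133 ssh2
Jul 15 10:05:00 web1 sshd[2150]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Jul 15 10:05:09 web1 sshd[2152]: Accepted publickey for alice from 198.51.100.20 port 51004 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def analyze(log_text, min_failures=5):
    """Return {ip: finding} for sources that look like password guessing."""
    failures = defaultdict(int)   # failed attempts per source IP
    users = defaultdict(set)      # distinct usernames tried per source IP
    findings = {}
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failures[ip] += 1
            users[ip].add(user)
        elif m["method"] == "password" and failures[ip] >= min_failures:
            # A password login right after a burst of failures from the same
            # source: treat the account as compromised until proven otherwise.
            findings[ip] = {"severity": "critical", "account": user,
                            "failures": failures[ip], "usernames": len(users[ip])}
    for ip, count in failures.items():
        if count >= min_failures and ip not in findings:
            findings[ip] = {"severity": "warning", "account": None,
                            "failures": count, "usernames": len(users[ip])}
    return findings

if __name__ == "__main__":
    for ip, finding in analyze(SAMPLE_LOG).items():
        print(ip, finding)
```

A source that tries many distinct usernames is walking a dictionary; a password login that follows such a burst is the event to alert on first.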
How to Prevent Password Theft
If you are using Infrastructure-as-a-Service providers such as AWS or Google Compute Engine, you can lean on their firewall capabilities. That will help cut your inbound connections down to a minimum.
Even better, turn off username and password login and move to key-based access. If you need help with this, enlist JumpCloud’s Directory-as-a-Service™ to help manage the implementation of key-based access across your environment. Shut down all unnecessary ports, and for the ports that need to be open, ensure that your services are patched and on the latest version.
Through these methods, you can avoid the most basic smash and grab password theft. But of course, you’ll need to do more to protect against sophisticated hackers.
User security is at the core of online security. If you would like to learn more, we’d be happy to talk about your strategies around protecting user identities. Just take a look at our Directory-as-a-Service solution for more information on how we are helpful in protecting users.