36 pages

brute force attack

A brute force attack is a hacking method that uses trial and error to crack passwords and login credentials, often exploiting weak passwords. Various types of brute force attacks include simple, dictionary, hybrid, reverse, and credential stuffing attacks. Notable incidents, such as the Dunkin' Donuts and Alibaba breaches, highlight the importance of strong security measures and user education to mitigate such attacks.

Uploaded by Jessa Siaton

BRUTE FORCE ATTACK
What is a Brute Force Attack?
A hacking method that uses trial and error to crack passwords, login credentials, and encryption keys.

"Brute force" comes from attackers using excessively forceful attempts to gain access to user accounts.
Reasons Behind Brute Force Attacks
Hackers know that many users implement weak passwords. Most are short and easy to remember.
• 83% of Americans create weak passwords in terms of length (less than 10 characters) and character complexity (only numbers and letters), and 53% use the same passwords across accounts.
• "123456" is one of the most commonly used passwords in the world, making it an easy choice for a hacker attempting a brute force attack.
TYPES OF BRUTE FORCE ATTACK
• Simple Brute Force Attacks
• Dictionary Attacks
• Hybrid Brute Force Attacks
• Reverse Brute Force Attack
• Credential Stuffing
Simple Brute Force Attacks
Hacker attempts to guess a user's login credentials manually, without using any software, but through standard password combinations or PIN codes.

Dictionary Attacks
Basic form of brute force hacking in which the attacker selects a target, then tests possible passwords against that individual's username.

Hybrid Brute Force Attacks
Hackers use the combination of a dictionary attack method with a simple brute force attack. They blend outside means with their logical guesses to attempt a break-in.

Reverse Brute Force Attack
Hacker reverses the attack strategy by starting with a known password, then searches millions of usernames until they find a match.

Credential Stuffing
Attackers collect username and password combinations they have stolen, which they then test on other websites to see if they can gain access to additional user accounts.
How Do Brute Force Attacks Work?
Hackers can use manual processes or automated software to infiltrate a private network. They may already have access to certain information before they begin their attempts.
5% of all data breaches are caused by brute force attacks. Of breaches caused by hacking, 80% involve brute force or lost/stolen credentials.
POPULAR BRUTE FORCE ATTACK TOOLS
John the Ripper
Open-source software that lets users run dictionary attacks and detect weak passwords through various cracking and decryption techniques.

Aircrack-ng
An open-source tool that focuses on penetration testing for wireless network security through dictionary attacks against network protocols.

Hashcat
A penetration testing platform that lets hackers use known "hashes": a password that's run through a formula and converted to a string of random characters that is always the same length regardless of how much data the password contains.
REAL-LIFE CASES OF BRUTE FORCE
• Dunkin' Donuts Case
• Compromised Alibaba Account
• 2012 LinkedIn Incident
DUNKIN' DONUTS PAYS OVER HALF A MILLION IN PENALTIES
In a famous 2015 incident involving the use of brute force, Dunkin' Donuts digital customer accounts were targeted by hackers who used a leaked list of previously stolen credential information and ran brute force algorithms. They gained access to 19,715 user accounts for the customer loyalty application and stole tens of thousands of dollars of rewards cash.
HOW DID DUNKIN' RESPOND?
Dunkin' Donuts initiated an internal investigation to understand the extent of the breach and the methods used by the attackers.

Affected users were notified about the breach and the unauthorized access to their accounts.
WHAT MITIGATION METHODS DID THEY USE?
Password Resets
The company forced a reset of all user passwords for the affected loyalty application to prevent further unauthorized access.

Security Protocol Upgrades
Dunkin' Donuts upgraded security measures, likely including stronger password policies and multi-factor authentication (MFA), to enhance account security.
WHAT SOLUTION DID THEY COME UP WITH?
Enhanced Account Security
Implemented more robust security protocols, such as monitoring for unusual login attempts and employing rate limiting to prevent brute force attacks.

User Education
Educated users about creating strong, unique passwords and the importance of not reusing passwords across different accounts.
DUNKIN' DONUTS PAYS OVER HALF A MILLION IN PENALTIES
The brute force attack and breach of customer accounts at Dunkin' Donuts resulted in $650,000 in fines and damages and forced the company to reset all user passwords and upgrade security protocols for the application.
20.6 MILLION ACCOUNTS COMPROMISED AT ALIBABA
In 2016, a team of hackers used a previously breached database with over 99 million credentials for multiple web applications. Taking advantage of weak passwords and users implementing the same password across other accounts, they used brute force and credential stuffing to successfully access nearly 20% of all the targeted accounts.
HOW DID ALIBABA RESPOND?
Alibaba conducted a thorough investigation to assess the breach's impact and identify the vulnerabilities that were exploited.

All affected users were informed about the compromise and advised to change their passwords immediately.
WHAT MITIGATION METHODS DID THEY USE?
Mandatory Password Changes
Alibaba required all users to change their passwords, especially those accounts that had been accessed during the attack.

Strengthened Security Measures
The company likely implemented additional security measures, such as enhanced monitoring for suspicious activity and the introduction of Multi-Factor Authentication.
WHAT SOLUTION DID THEY COME UP WITH?
Account Security Improvements
Alibaba reinforced its security infrastructure to detect and prevent credential stuffing and brute force attacks, including:
• Rate Limiting: Limiting the number of login attempts from a single IP address to mitigate brute force efforts.
• Behavioral Analytics: Employing advanced analytics to monitor user behavior and identify anomalies that may indicate unauthorized access.

User Awareness Campaigns
Launched campaigns to educate users on the importance of strong, unique passwords and best practices for online security.
20.6 MILLION ACCOUNTS COMPROMISED AT ALIBABA
While no dollar amount of damages has been indicated, it was confirmed that nearly 20.6 million Alibaba accounts were successfully compromised and accessed maliciously, and all users were asked to change their passwords.
LINKEDIN 117 MILLION PASSWORD DUMP (2012)
In June 2012, LinkedIn experienced a significant data breach in which approximately 117 million passwords were stolen. The breach was particularly concerning because the passwords were stored in a poorly secured format, which made them vulnerable to brute force attacks.
HOW DID LINKEDIN RESPOND?
LinkedIn notified affected users about the breach, advising them to reset their passwords immediately to protect their accounts.

LinkedIn conducted an internal investigation to determine how the breach occurred, focusing on the hashing methods used for storing passwords.
WHAT MITIGATION METHODS DID THEY USE?
Password Hashing Improvements
LinkedIn upgraded its password hashing algorithms.
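The hashing upgrade above is the control that decides how much a leaked password database is worth to an attacker. As an added example (not the deck's or LinkedIn's code), the block below contrasts an unsalted fast hash, assumed here as the "poorly secured format", with salted PBKDF2-HMAC-SHA256 plus a rehash-on-login check; the user names and passwords are constructed sample data.

```python
"""Password storage: fast unsalted hash vs. salted, iterated PBKDF2.

Added example, not code from the slides. Unsalted SHA-1 is assumed here
as the weak "poorly secured format"; the hardened side is PBKDF2-HMAC-
SHA256 from the standard library with a random 16-byte salt per user.
"""
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 600_000  # OWASP's recommended work factor for PBKDF2-HMAC-SHA256

def weak_hash(password: str) -> str:
    """No salt, one fast round: equal passwords give equal digests."""
    return hashlib.sha1(password.encode()).hexdigest()

def strong_hash(password: str, salt: bytes = b"") -> str:
    """Returns 'pbkdf2_sha256$<rounds>$<salt hex>$<digest hex>'."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return f"pbkdf2_sha256${PBKDF2_ROUNDS}${salt.hex()}${dk.hex()}"

def verify(password: str, stored: str) -> bool:
    """Constant-time check of a password against a stored PBKDF2 record."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False  # legacy or malformed record: never accept it
    _, rounds, salt_hex, digest_hex = parts
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(dk.hex(), digest_hex)

def needs_upgrade(stored: str) -> bool:
    """Legacy or under-cost records get rehashed at the next successful login."""
    if not stored.startswith("pbkdf2_sha256$"):
        return True
    return int(stored.split("$")[1]) < PBKDF2_ROUNDS

def demo() -> dict:
    """Two users who chose the same weak password (constructed sample data)."""
    users = {"alice": "123456", "bob": "123456"}
    weak = {u: weak_hash(p) for u, p in users.items()}
    strong = {u: strong_hash(p) for u, p in users.items()}
    return {
        "weak_identical": weak["alice"] == weak["bob"],        # True
        "strong_identical": strong["alice"] == strong["bob"],  # False
        "verify_ok": verify("123456", strong["alice"]),        # True
        "verify_wrong": verify("password", strong["alice"]),   # False
        "legacy_needs_upgrade": needs_upgrade(weak["alice"]),  # True
    }
```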
Increased Security Measures
Implemented additional security measures to monitor for unusual account activity and unauthorized access attempts.

Rate Limiting and Account Lockouts
Introduced rate limiting on login attempts to prevent brute force attacks, temporarily locking accounts after a certain number of failed login attempts.
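The rate limiting and account lockout described above, as an added Python example that is not code from the slides or from LinkedIn: it replays constructed login log lines through a guard that returns a decision per attempt; the thresholds, window lengths and log format are assumptions.

```python
"""Login-failure guard: per-account lockout plus per-IP rate limiting.
Added example, not code from the slides or from LinkedIn. It replays
constructed log lines "<unix_ts> <username> <source_ip> <OK|FAIL>" and
applies the two controls described above: lock an account after a run of
failures, and throttle a source IP that keeps failing across usernames.
"""
from collections import defaultdict, deque

LOCKOUT_THRESHOLD, LOCKOUT_SECONDS = 5, 900  # failures per account; lock length
IP_LIMIT, IP_WINDOW_SECONDS = 20, 60         # failures per IP per window
def _prune(dq, now, window):
    while dq and now - dq[0] > window:  # drop timestamps outside the window
        dq.popleft()

class LoginGuard:
    def __init__(self):
        self.user_failures = defaultdict(deque)  # user -> failure timestamps
        self.ip_failures = defaultdict(deque)    # ip -> failure timestamps
        self.locked_until = {}                   # user -> unlock timestamp

    def check(self, now, user, ip):
        """Decide before any password is verified: allow, locked or throttled."""
        if self.locked_until.get(user, 0) > now:
            return "locked"
        _prune(self.ip_failures[ip], now, IP_WINDOW_SECONDS)
        return "throttled" if len(self.ip_failures[ip]) >= IP_LIMIT else "allow"

    def record(self, now, user, ip, success):
        if success:
            self.user_failures[user].clear()  # a good login ends the failure run
            return
        self.ip_failures[ip].append(now)
        self.user_failures[user].append(now)
        _prune(self.user_failures[user], now, LOCKOUT_SECONDS)
        if len(self.user_failures[user]) >= LOCKOUT_THRESHOLD:
            self.locked_until[user] = now + LOCKOUT_SECONDS

def replay(lines):
    """Run log lines through the guard; returns (guard, decision per line)."""
    guard, decisions = LoginGuard(), []
    for line in lines:
        ts, user, ip, result = line.split()
        decisions.append(guard.check(int(ts), user, ip))
        if decisions[-1] == "allow":
            guard.record(int(ts), user, ip, result == "OK")
    return guard, decisions

# Constructed sample: 6 guesses at one account, then one IP spraying 21 usernames.
SAMPLE_LOG = [f"{t} alice 10.0.0.5 FAIL" for t in range(6)] + \
             [f"{100 + i} user{i} 203.0.113.9 FAIL" for i in range(21)]
```

A lockout can be turned against legitimate users by anyone who knows their username, which is why the lock here is temporary and paired with the per-IP limit rather than relied on alone.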
WHAT SOLUTION DID THEY COME UP WITH?
Two-Factor Authentication
Encouraged users to enable two-factor authentication to add an extra layer of security to their accounts, making it more difficult for unauthorized individuals to gain access.

Regular Security Audits
Committed to conducting regular security audits and assessments to identify vulnerabilities and improve overall security posture.
LINKEDIN 117 MILLION PASSWORD DUMP (2012)
LinkedIn advised its users to improve their security measures and told them to change their passwords. It offered resources for better password practices but did not implement a compensation program for affected users.
WHAT WILL I DO WHEN A BRUTE FORCE ATTACK HAPPENS?
• Immediate Actions
• Mitigation Approach
• Long-Term Strategies
ASSESS THE BREACH
Identify the Scope
Determine what data was compromised and how the breach occurred.

Contain the Breach
Take immediate steps to secure systems and prevent further unauthorized access.

NOTIFY AFFECTED PARTIES
User Notification
Inform affected users promptly about the breach, detailing what information was compromised and what steps they should take.

Regulatory Compliance
Notify relevant government agencies.
CONDUCT AN INVESTIGATION
Internal Review
Launch a thorough investigation to understand the breach's cause and assess vulnerabilities.

Engage Cybersecurity Experts
Consider hiring third-party cybersecurity firms to assist with the investigation and remediation.
ENHANCE SECURITY MEASURES
Upgrade Security Protocols
Implement stronger security measures, such as advanced encryption, multi-factor authentication, and regular security audits.

Patch Vulnerabilities
Address any identified weaknesses in software or systems immediately.

USER EDUCATION
Provide Resources
Offer guidance to users on creating strong passwords and recognizing phishing attempts.

Promote Security Practices
Encourage users to enable two-factor authentication and monitor their accounts for suspicious activity.
DEVELOP A RESPONSE PLAN
Incident Response Plan
Create or update your incident response plan to prepare for future breaches. Include communication strategies, roles, and responsibilities.

REGULAR SECURITY AUDITS
Ongoing Assessments
Conduct regular security assessments and penetration testing to identify and mitigate risks proactively.
BUILD TRUST WITH USERS
Transparent Communication
Maintain open communication with users about security measures and improvements.

Compensation Consideration
Evaluate the possibility of offering compensation or services to affected users as a goodwill gesture, if feasible.

LEGAL ACTION
Pursue Legal Recourse
If applicable, work with law enforcement to investigate the breach and pursue legal action against the perpetrators.
