Password & Physical Attacks


Part 2 – 7: Terms and Definitions for Password & Physical Attacks

| Term | Definition |
| --- | --- |
| Password Attack | Different ways of attacking to obtain login credentials |
| Brute Force Attack | Use of predefined passwords that are used to guess a password |
| Dictionary Attack | Commonly used words and phrases used to guess a password |
| Physical Attack | Use of malicious devices, such as USB devices, to steal information from the victim |

Password attacks are growing in number every day. Most of the attacks that occur in businesses are password attacks, in which attackers trick the user into giving them the password to the victim's account or to the account for their domain server. Brute force and dictionary attacks are the most common attacks on end users and require some form of access to the system to conduct them. A brute force attack tries different password possibilities predefined by the attacker. A dictionary attack occurs when an attacker uses common words and phrases against a login to guess a password. These attacks can happen on any front-end web app or database: if the attacker can see a login page, they can try to break it.

The best way to defend against password attacks is to implement an additional factor, or passwords that require two logins or a verification login. Another way to defend yourself from password attacks is to create difficult alphanumeric passwords with a combination of symbols, spaces, and capital and lower-case letters. Remove password hints and instead use a password vault that is salted and hashed, to prevent attackers from obtaining the passwords if a data breach occurs.
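The two defenses above (difficult passwords, and salted and hashed storage) can be sketched as follows. This is an added example, not code from the original page; the choice of PBKDF2-HMAC-SHA256, the iteration count, the minimum length and the small word list are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import string

# Constructed sample word list; a real deployment would load a large breached-password list.
COMMON_WORDS = {"password", "letmein", "qwerty", "welcome", "dragon"}
ITERATIONS = 600_000  # assumed PBKDF2 work factor, tune for your hardware


def policy_problems(password: str) -> list[str]:
    """Return the reasons a candidate password fails the advice above."""
    problems = []
    if len(password) < 12:  # assumed minimum length, not from the page
        problems.append("too short")
    classes = {
        "lower-case letter": string.ascii_lowercase,
        "capital letter": string.ascii_uppercase,
        "digit": string.digits,
        "symbol or space": string.punctuation + " ",
    }
    for name, chars in classes.items():
        if not any(c in chars for c in password):
            problems.append(f"missing {name}")
    # Strip digits and symbols so "Password123!" is still caught as a dictionary word.
    letters = "".join(c for c in password.lower() if c.isalpha())
    if letters in COMMON_WORDS:
        problems.append("based on a common word")
    return problems


def hash_password(password: str) -> tuple[bytes, bytes]:
    """Derive a slow hash with a fresh random salt; store both, never the password."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(digest, expected)
```

Because each record gets its own random salt, two users with the same password end up with different stored digests, so a leaked table cannot be attacked with one precomputed dictionary.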

Physical attacks do not cause actual harm to the victim but instead cause harm to their computer or device. One such attack leaves malicious USB drives lying around an office, parking lot, coffee shop, etc. The intent is to lure victims into plugging the USB drive into their personal or work devices, infecting them with malware. Once a USB device is plugged in, it can automate an attack on the device, such as disabling software or anti-virus systems, launching commands to initiate access for the attacker, etc. Another popular physical attack is skimming credit cards. If the attacker can obtain your credit card information, they can easily search for you on the web to find the remaining information they need to make purchases on your behalf. Skimming a credit card can be done through use of a magnetic strip that is hidden within the swipe card machine. Once you swipe your card, the tampered magnetic strip reads all your credit card information, which is either stored in a temporary flash-based database on the skimming device or sent over the air through wireless technology to the attacker's phone.