There are many extremely technical and sophisticated hacks out there.
As you might be able to guess from the name, a brute-force attack, isnt really all that.
That isnt to say that you should ignore them.
As unsophisticated as they are, they can be very effective.
Given enough time and processing power, a brute-force attack should always have a 100% success rate.
Contents
Sub-classes
There are two main sub-classes: online and offline attacks.
An online brute-force attack doesnt necessarily involve the Internet.
Instead, it is a class of attack that directly targets the running system.
An offline attack can be performed without needing to interact with the system thats under attack.
But how can you attack a system without attacking the system?
Well, data breaches often contain lists of leaked usernames and passwords.
Security advice though, recommends that passwords are stored in a hashed format.
These hashes can only be cracked by guessing the right password.
An online attack in comparison would try logging into the website directly.
As such, offline brute-force attacks are typically preferred by attackers.
Sometimes, however, they may not be possible.
Brute-forcing credentials
The easiest class to understand and the most common threat is brute-forcing login details.
An offline brute-force attack revolves around cracking password hashes.
This process literally takes the form of guessing every possible combination of characters.
Given enough time and processing power, it would successfully crack any password using any hashing scheme.
To attempt to increase the odds of cracking most passwords, hackers tend to use dictionary attacks instead.
Other types of brute-force attack
There are many other ways to use brute-force.
Some attacks involve trying to gain physical access to a rig or system.
Typically an attacker will make a run at be stealthy about it.
Brute-force alternatives to these tend to be very literal, using actual physical force.
In some cases, some of a secret may be known.
A brute-force attack can be used to guess the rest of it.
For example, a few digits of your credit card number are often printed on receipts.
An attacker could try all possible combinations of other numbers to work out your full card number.
This is why most numbers are blanked out.
DDOS attacks are a pop in of brute-force attack.
They aim to overwhelm the targeted systems resources.
It doesnt really matter which resource.
it could be CPU power, data pipe bandwidth, or reaching a cloud processing price cap.
DDOS attacks literally just involve sending enough internet traffic to overwhelm the victim.
It doesnt actually hack anything.
There are plenty of different types of brute-force attack.
This does not mean that brute-force attacks are paper tigers though, as the concept can be very effective.
