Executive Summary

Brute Force Attack Attempts on the Rise

According to the Fortinet Threat Intelligence Insider for Latin America, brute force attacks are very active in the region and were among the most frequent intrusion attempts in the second quarter of the year. One example is SSH.Connection.Brute.Force, a detection of multiple SSH requests intended to brute-force an SSH login, launched at a rate of about 200 times in 10 seconds. Another is SMB.Login.Brute.Force, a detection of at least 500 failed SAMBA logins in one minute, indicating a possible brute force attack on Microsoft Windows operating systems.

With the massive transition to the home office, cybercriminals find a significant number of misconfigured Remote Desktop Protocol (RDP) servers, leading to more such attacks.

The growth of remote work has rekindled the interest of cybercriminals in brute force attacks, which are repeated and systematic attempts to guess a credential by sending different usernames and passwords to try to access a system.

Brute-force attacks are commonly used to break encryption or to obtain weak passwords, email passwords, social network credentials, Wi-Fi access, etc. The attacker uses automated mechanisms to make repeated attempts until one succeeds.

Malicious Phishing Campaigns

The results of Fortinet Threat Intelligence Insider Latin America for the first half of 2020 reveal an increase in attempts to lure unsuspecting victims into going to malicious sites, clicking on malicious links, or providing personal information over the phone, using the COVID-19 pandemic as a pretext.

FortiGuard Labs reported a significant rise in viruses, many of which are included in these malicious phishing attachments.

April saw the highest volume of COVID-19 related email phishing campaigns, with over 4,250. The largest spike was on April 2, when Fortinet reported 330 COVID-19 email phishing campaigns worldwide. Numbers have been steadily declining since April, with 3,590 email phishing campaigns in May and 2,841 in June.

Most emails had malicious .DOCX and .PDF files attached (.DOCX being the most common), with ransomware attempts the most prevalent attachment.

Tips

It is essential that organizations take measures to protect their remote workers and help them secure their devices and home networks. Here are a few critical steps to consider:

  • Educate your remote workers – and their families – about things like phishing and malicious websites and how to stop them. Fortinet has made a number of user training resources free of charge, including the first two levels of our NSE training program.
  • Perform a review of your security tools.
  • Make sure that remote workers have a VPN solution in place. For more advanced security, consider adding tools to detect and defuse live threats.
  • Ensure that your corporate headend is also protected, enabling multifactor authentication. Also consider a NAC solution to ensure that authenticated devices only have access to the network resources they require, and to automatically respond to devices that misbehave.
  • Given that so many attacks are phishing-based, it is critical that your secure email gateway is capable of detecting and filtering out phishing attacks and spam, and eliminating malicious attachments.

The best way to mitigate brute force attacks is to use strong passwords. Using long and complex passwords is only the first step to prevent this type of attack. It is also important that the organization uses encryption mechanisms and limits the number of login attempts within a given period, and that it enables other robust authentication mechanisms such as multifactor authentication, tokens, or image validation (CAPTCHA).

In addition, it is important to invest in monitoring and detection solutions capable of identifying network intrusions and anomalous behavior. The ability to respond automatically is crucial to avoid data breaches.
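As an added example (not Fortinet code and not part of the original report), the following per-source sliding-window detector applies the two thresholds quoted in the summary: about 200 SSH connection requests in 10 seconds and at least 500 failed SMB logins in one minute. The event names, the tuple format, the per-source counting and the sample traffic are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Thresholds quoted in the summary: (event count, window in seconds).
# How the vendor's signatures count events internally is not stated on the
# page; counting per source address is an assumption of this example.
RULES = {
    "ssh_connect": (200, 10),
    "smb_login_failed": (500, 60),
}

def detect(events, rules=RULES):
    """Return one alert per burst that reaches a rule's count in its window.

    events: time-ordered iterable of (epoch_seconds, source_ip, event_type).
    A (source, rule) pair re-arms once its window falls below the threshold.
    """
    windows = defaultdict(deque)   # (source, rule) -> timestamps in window
    active = set()                 # pairs currently over threshold
    alerts = []
    for ts, src, kind in events:
        if kind not in rules:
            continue
        limit, span = rules[kind]
        key = (src, kind)
        win = windows[key]
        win.append(ts)
        while ts - win[0] >= span:          # drop events older than the window
            win.popleft()
        if len(win) >= limit:
            if key not in active:           # alert once per burst, not per event
                active.add(key)
                alerts.append({"source": src, "rule": kind, "count": len(win),
                               "first_seen": win[0], "triggered_at": ts})
        else:
            active.discard(key)
    return alerts

def sample_events():
    """Constructed traffic from documentation-range addresses."""
    ev = []
    ev += [(1000 + i * 0.05, "203.0.113.10", "ssh_connect") for i in range(200)]       # 200 in ~10 s
    ev += [(1000 + i * 0.5, "198.51.100.7", "ssh_connect") for i in range(200)]        # 200 in 100 s
    ev += [(1000 + i * 0.1, "192.0.2.50", "smb_login_failed") for i in range(500)]     # 500 in ~50 s
    ev += [(1000 + i * 0.2, "192.0.2.51", "smb_login_failed") for i in range(500)]     # 500 in 100 s
    return sorted(ev)

if __name__ == "__main__":
    for alert in detect(sample_events()):
        print(alert)
```

Only the two fast sources alert; the slower sources send the same total number of events but never reach the count inside a single window.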
