In the past few months, the security operations team of Systems Engineering has detected a significant increase in unauthorized attempts to access devices via remote networks among our monitored client base. This type of intrusion is commonly referred to as a brute-force attack. In a brute-force attack, threat actors relentlessly try different combinations of usernames and passwords until they successfully guess the correct credentials.
Organizations must understand the significance of safeguarding their systems and data against cyber attacks. It is essential to take proactive measures to prevent threat actors from gaining unauthorized network access. Here are 8 actionable steps to help protect against such attacks.
1. Strictly Enforce MultiFactor Authentication (MFA)
Implementing strict enforcement of MultiFactor Authentication (MFA) is the best line of defense against brute-force attacks. MFA adds an extra layer of security by requiring users to provide two or more forms of identification, such as a password and authentication prompt, before gaining access to their accounts. After entering a password, the user will receive and approve the prompt (aka “push” notification), to grant themselves access. It is important to extend the application and Implementation of MFA to all remote user accounts to fortify defenses effectively. This ensures that in the event of a compromised password, unauthorized access is prevented without completing the secondary authentication factor.
2. Be Cautious with Unexpected MFA Requests
Exercise caution when facing unexpected MFA requests to prevent unauthorized access to sensitive company information. A phenomenon known as "MFA fatigue" or "Push Bombing" is a technique highlighted by the Cybersecurity & Infrastructure Security Agency (CISA). This technique is used by threat actors to bombard a user with mobile application push notifications until the user approves the request by accident or to simply make the notifications stop. To mitigate MFA fatigue, an added layer of security known as Number-matching MFA, can be implemented. This phishing-resistant MFA method is designed to make it harder for hackers to access your sensitive information. Cultivating a habit of cautious validation enhances your defense against potential threats, contributing to a secure online environment.
3. Enforce Secure Password Management
To enhance password security and resist brute force attacks, implement policies for creating complex passwords that are lengthy, unique, and include a mix of upper and lowercase letters, numbers, and special characters. For instance, consider using a passphrase such as SecureMSP@2024. Additionally, discourage attackers by setting thresholds for failed login attempts and implementing account lockout policies. Limiting login hours to specific times further reduces exposure during off-hours. Regularly review and remove dormant accounts to minimize the attack surface and unauthorized access risk. Identify and delete accounts with generic usernames like "guest" or "test" to eliminate easy targets for attackers. Finally, employ secure password storage mechanisms to encrypt passwords and increase resistance against cracking attempts.
4. Implement Geographical Blocking or Geofencing
Geographical Blocking, also known as Geofencing, is a robust security measure that limits access according to the user's geographical location. By implementing geofencing, you can precisely control access, permitting entry exclusively from U.S. IP addresses. This proactive approach acts as a digital barrier, effectively preventing unauthorized attempts originating from foreign locations, and fortifying your overall security perimeter. Implementing geofencing not only enhances security but also ensures a more targeted and controlled user access experience.
5. Manage Remote Network Access
VPNs (Virtual Private Networks) create a secure and encrypted connection over the internet, allowing data to travel safely between the user's device and the network. It is recommended to disable any unused VPN connections to prevent potential entry points and minimize the risk of exploitation. Another remote access tool, RDP (Remote Desktop Protocol), enables users to remotely control another computer, which makes it a prime target for brute-force attacks. When combined with weak passwords or poorly secured accounts, RDP can become an easily exploitable backdoor to your network. Therefore, it is best to restrict RDP access to the local network and only permit authorized users to gain entry.
6. Limit Domain Admins
Limiting the number of domain administrators is crucial in safeguarding against brute-force attacks. Since domain administrators possess the most powerful network accounts, shrinking the area of vulnerability is essential. By limiting the number of individuals granted high privileges, organizations can mitigate the damage done by a successful brute-force attempt. This, in turn, makes it more challenging for attackers to compromise the network.
7. Avoid Using Domain Admin Accounts for Services
As previously stated, domain administrator accounts are granted extensive privileges and should never be used for service accounts such as Microsoft Exchange, backups, DNS clients, and other third-party applications. If a hacker gains access to a service running under a domain admin account, they can gain control over the entire domain. Therefore, it is a recommended practice to create dedicated service accounts that follow the principle of least privilege, which only grants the permissions necessary to perform their intended tasks. This method divides access, protecting highly privileged credentials and strengthening defenses against potential brute-force attacks.
8. Rename Power User Accounts
Changing commonly known and default account names, such as "root" or "admin," also known as "power user accounts," can significantly enhance security against brute-force attacks. The attackers' ability to guess valid usernames is easily disrupted, discouraging attackers who rely on predictable usernames for their malicious activities. Changing default and commonly known account names is a fundamental security practice that helps businesses prevent unauthorized access, reduce the risk of security breaches, and demonstrate a commitment to maintaining a secure environment.
Taking a proactive and holistic approach is crucial to maintaining a secure digital environment that bolsters your organization's defenses against brute-force attacks. Enforcing MFA, consistently managing user accounts, implementing protective measures like geofencing and domain admin limitations, keeping systems up to date, and educating your team on security best practices are vital elements of this strategy to help you remain vigilant. By following these steps, you not only decrease the risk of being targeted by brute-force attacks, but also establish a strong defense against emerging threats.
If you'd like more information on establishing a secure and resilient environment within your organization, feel free to connect with us at info@systemsengineering.com or call 888.624.6737. For our valued clients, please reach out to your Account Manager.
