March 28, 2018
DHS Issues Warning for Recent Brute Force Cyberattacks
The Department of Homeland Security has issued an alert warning of brute force cyber attacks. According to the alert, hackers are using an attack known as password spraying.
Password spray attacks involve an unauthorized user attempting a single password against multiple accounts before moving on to attempt a second password. This process avoids the user's account becoming locked and alerting them about suspicious activity.
According to the alert, the attackers use social engineering tactics to identify organizations, easily-guessed passwords, other compromised accounts, and more.
How to Avoid this Attack
First, it is important to enable multi-factor authentication (MFA). MFA requires more than one method to log into an account, typically a password and a prompt to your phone or email address. Second, it’s important to avoid simple passwords. Use complex passwords without common words that are easy to guess.
The FBI is asking recipients to report any suspicious or concerning activity to your local FBI field office, the FBI Cyber Watch at (855)-292-3937, or by email at CyWatch@ic.fbi.gov. If possible, include the date, time, location, type of activity, number of people, type of equipment used for the activity, the name of the submitting company or organization, and a designated point of contact. Learn more about the DHS alert and what you can do.