Recent increase in brute force attacks

by Joe Guilfoy; Tony Hackett | Feb 12, 2020

 

The IT department at the League and other local service providers we have been in contact with, have noticed a significant increase in attempts to “brute force attack” firewalls and other internet facing systems at Indiana credit unions. A brute force attack is an attempt to gain access to a system using successive login attempts. It can be performed manually or by using an automated script. In either case, a brute force attack tries different username and password combinations with the hope of discovering a valid login. We have seen about 32 brute force attack attempts per hour over the last week on internet facing devices we manage. These attacks are originating from Asia Pacific IP addresses. These attacks started with trying to use “root” as the username. We are now seeing attempts using “administrator” as the username. The devices we manage are protected from this type of attack by restricting access to these devices to internal IP address access only. We want to share this information with you for awareness. We recommend checking with your provider who manages your firewalls and internet facing devices to make them aware of the current attack attempts we are seeing. Some steps to take to mitigate the risks of these types of attacks are:

  • Restrict admin/root access to specific IP addresses only. 
  • Change name of default administrative account to something other than root, admin or administrator.
  • Limit the number of administrative accounts on these devices.
  • Ensure the firmware/software is up to date on these devices.
  • Restrict international browsing from your firewall.
  • If possible, enable log monitoring and intrusion detection alerts.
We have also checked with Pondurance, a security solutions provider, and they are noticing the same trend where attackers are trying to gain access to smaller financial companies. They are also trying to gain access to larger companies through the smaller companies’ local VPN connections to the larger companies. 
 
If you have questions, please reach out to League Vice President Information Technology Tony Hackett. He can be reached at tonyh@icul.org, (317) 594-5326 or (800) 285-5300, ext. 5326.