How Adaptive MFA Helps Mitigate Brute Force Attacks

Before public cloud services, large-scale computing infrastructure was expensive, hosted on-premises, and reserved for big enterprises, governments, and universities. Now, anyone with a credit card can access an unlimited supply of cloud apps and computing power.

While cloud computing offers many benefits, its accessibility has also made identity attacks targeting passwords much more popular. The frequency of these attacks has increased sharply over the last few years. As more services move online and the value of data grows, identity attacks will become even more popular.

How are hackers targeting passwords?

Hackers have a variety of techniques at their disposal. Exploiting vulnerabilities in software or deceiving users through social engineering are two common tactics, but brute-force attacks are gaining ground through the use of automated bots. A recent report from Akamai indicates that “more than 40% of global login attempts are malicious, thanks to bot-driven credential stuffing attacks”. This increases the likelihood of attacks affecting your organization.

Two types of brute force attacks that target passwords have recently gained ground:

Credential stuffing: This attack takes advantage of users sharing credentials across multiple accounts. Most people have had account credentials compromised as part of a data breach. Attackers acquire credentials from a website breach and use bots to enter these credentials into a variety of sites in the hope that they will grant access.

Password spraying: This attack takes advantage of our tendency to rely on common passwords such as “password1” (which, according to th