F5 Networks reminds us that “any application that requires authentication is a potential target for a brute force attack”.

The EMEA region is the main target of brute force attacks, defined as those in which there are at least ten unsuccessful login attempts in less than a minute, or one hundred in 24 hours.

So reports F5 Networks, whose Security Incident Response Team reveals that, of all attacks detected over the past year in that region, 43.5 % were brute force. Canada follows with 41.7 %, the United States with 33.3 % and the APAC region with 9.5 %.

By sector, the public sector is the most affected, since 1 of every 2 incidents comes in the form of a brute force attack, although finance (47.8 %) and health (41.7 %) are close behind. Education (27.3 %) and telecommunications service providers (25 %) complete the top 5.

F5 Networks explains that “any application that requires authentication is a potential target for a brute force attack”. The majority of attacks occur at the access level. The most common are brute force against HTTP forms-based authentication, against web access via Outlook, Office 365 and ADFS, SSH/SFTP brute force, and S-FTP brute force.

But three-quarters of companies still use simple credentials that combine user name and password to protect their critical web applications.

The favorite target is usually e-mail, which is linked to 39 % of access breaches and 34.6 % of breach causes.

“If the monitoring capabilities of an organization are not sufficiently robust, brute-force attacks may seem innocuous, appearing as a legitimate login with user name and password”, says Ray Pompon, Principal Threat Research Evangelist at F5 Networks. “Attacks of this nature can be difficult to detect because, as far as the system is concerned, the attacker appears to be the legitimate user”.

How to avoid it? “To begin, make sure that the system can detect brute-force attacks. At this point, the importance of the confidentiality and integrity of the information has to be balanced against the availability requirements of the business. Setting up some alarms on the firewall is not enough; it is also important to have service restoration mechanisms both for the organization and for its users”, details Pompon.

“Finally”, he concludes, “tests of monitoring and response capacity have to be run, and manuals developed that enable practitioners to react quickly and with confidence when faced with any incident”.
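
The definition given at the top of this article (at least ten unsuccessful logins in less than a minute, or one hundred in 24 hours) can be expressed as a detection rule over authentication events. The following is an added example, not code from F5 Networks; the event tuple layout, the grouping by source address and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds as quoted in the article.
BURST_COUNT, BURST_WINDOW = 10, timedelta(minutes=1)
DAILY_COUNT, DAILY_WINDOW = 100, timedelta(hours=24)

def detect_brute_force(events):
    """Return {source: (rule, time the threshold was first crossed)}.

    events: iterable of (timestamp, source, success) tuples. The tuple layout
    and the grouping by source address are assumptions of this example.
    """
    failures = defaultdict(deque)  # source -> failed-login times, last 24 h
    alerts = {}
    for ts, source, success in sorted(events):
        if success:
            continue  # only failed logins count toward either threshold
        window = failures[source]
        window.append(ts)
        while ts - window[0] > DAILY_WINDOW:  # expire failures older than 24 h
            window.popleft()
        if source in alerts:
            continue  # report each source once, at the first crossing
        # "In less than a minute": failures strictly under 60 s before this one.
        burst = sum(1 for t in window if ts - t < BURST_WINDOW)
        if burst >= BURST_COUNT:
            alerts[source] = ("burst", ts)
        elif len(window) >= DAILY_COUNT:
            alerts[source] = ("daily", ts)
    return alerts

def sample_events():
    """Constructed sample data using documentation-range addresses."""
    t0 = datetime(2024, 1, 1, 9, 0, 0)
    events = []
    # Fast guessing: 12 failures, 4 s apart.
    events += [(t0 + timedelta(seconds=4 * i), "198.51.100.7", False) for i in range(12)]
    # Slow guessing: 120 failures, 10 min apart; never ten within a minute.
    events += [(t0 + timedelta(minutes=10 * i), "203.0.113.9", False) for i in range(120)]
    # Ordinary user: three typos, then a successful login.
    events += [(t0 + timedelta(seconds=20 * i), "192.0.2.4", False) for i in range(3)]
    events.append((t0 + timedelta(seconds=70), "192.0.2.4", True))
    return events

if __name__ == "__main__":
    for source, (rule, ts) in detect_brute_force(sample_events()).items():
        print(source, rule, ts.isoformat())
```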