Brute-force attack against Arkansas county reportedly ends

StateScoop reports that officials at Washington County, Arkansas have disclosed that an attempted brute-force attack over the weekend has concluded after successfully averting over 64,000 server login attempts. Threat actors' dictionary attack that involved the utilization of familiar words and phrases to crack password-protected devices commenced on Dec. 15, when more than 14,000 server login attempts were made, while attempted logins rose to over 17,000 and more than 33,000 for the next two days before significantly dwindling to 176 and zero attempts on Monday and Tuesday, respectively, said officials. Such weekend attacks are not surprising to be conducted against organizations, especially those with limited network monitoring resources, according to Recorded Future intelligence analyst Allan Liska, who added that the total login attempts reported by the county represent the number of username and password combinations leveraged by the attackers. "A good security model should automatically lock the account out after so many password fails, especially if that is a system connected to the internet. So if you are if you're trying the administrator username and you're able to try 64,000 passwords against that, then you've done something wrong," said Liska.