The number and intensity of brute force attacks increased dramatically in recent years – and stronger brute force attacks have become the norm.
Brute-forcing passwords can allow attackers entrance to target infrastructure. For example, a hacker can compromise an organization’s server ﬁrst by a brute-force attack on passwords for the RDP protocol, then by conducting reconnaissance of the internal network. Factors that contribute to the success of this kind of attack include the use of dictionary passwords, the lack of two-factor authentication, and insufﬁcient protection of resources. The attack is even more likely to be effective if the password for the OS administrator is weak and if computer and server RDP ports are open to Internet connections.