Originally posted on Webroot Threat Blog - Internet Security Threat Updates from Around the World:
By Dancho Danchev
Thanks to the fact that users not only continue to use weak passwords, but also, re-use them across multiple Web properties, brute-forcing continues to be an effective tactic in the arsenal of every cybercriminal. With more malicious underground market releases continuing to utilize this technique in an attempt to empower potential cybercriminals with the necessary tools to achieve their objectives, several questions worth discussing emerge in the broader context of trends and fads within the cybercrime ecosystem.
What’s the current state of the brute-forcing attack concept? Is it still a relevant attack technique, or have cybercriminals already found more efficient, evasive and effective tactics to compromise as many Web sites/servers as possible? Let’s discuss the relevance of the attack concept in 2013, by profiling a recently released WordPress/Joomla brute-forcing and account verification tool.