How to prevent an enumeration attack


Studies surveying major cybersecurity threats in 2022 identified several threats that could compromise web server security and pose a major risk to businesses. These spanned a wide range of cyberattacks, including malware and enumeration attacks, with the latter proving to be a significant threat for most businesses.

Enumeration attacks already proved to be a significant problem last year. For example, an enumeration campaign targeting a digital marketing and web design firm compromised over 33 merchants, with more than 2500 enumerated transactions per merchant.

A similar case followed in the same year, targeting the authentication stage of transactions at eCommerce merchants, granting cybercriminals access to server data and placing customer data at risk.

An enumeration attack is a major threat because it allows cybercriminals to reach valuable data stored in a web server's database. They obtain this access by brute-forcing their way into employee accounts on web applications.

Common attacks target two critical pieces of information: usernames and passwords. Cybercriminals try different username and password combinations until they find one that works. This is inadvertently helped along by poor application security that reveals whether or not a username exists in the database.

For example, a notification such as "Username does not exist" gives attackers a clue that lets them work out whether it is the username or the password that failed to match a real application user.

Cybercriminals brute-force access by trying different username and password combinations until they find one that works.

At the same time, cybercriminals can use a more sophisticated approach, such as measuring server response times to determine whether the username they are trying is valid. Servers generally take longer to respond to failed login attempts than to successful ones.

Given that most organisations use SaaS or cloud-based applications for critical business operations (six out of ten businesses have moved their operations to the cloud), account enumeration attacks have rightly been identified as a major threat in the cybersecurity landscape.

Best methods for preventing enumeration attacks

Preventing these attacks and improving security requires several cybersecurity controls working in sync to create a more secure network. Here are some effective measures that have proven to work.

Conduct cyber awareness training 

Training sessions help employees identify common tactics cybercriminals use to steal sensitive information. This means they will be better placed to identify these attacks and inform your IT team. 

Limit login attempts 

Cybercriminals often brute-force access to employee accounts; limiting login attempts cuts off the guessing process and helps prevent such attacks. Rate-limiting logins improves security and frustrates automated attack attempts.

Implementing other mechanisms such as CAPTCHAs and MFA also makes logins far harder to automate and hinders cybercriminals.

Install a web application firewall (WAF) 

A web application firewall works as a shield between the web application and the internet by monitoring and filtering HTTP traffic. 

The firewall can not only block suspicious login attempts from a single IP address, but it can also block other cyberattacks such as cross-site request forgery, cross-site scripting, file inclusion, and SQL injection.

Leverage multi-factor authentication 

Multi-factor authentication can filter out brute-forced attempts because an attacker cannot access servers without first submitting the correct token, and that token can only be produced by authorised personnel. Cybercriminals are also unlikely to have compromised the endpoints that generate these tokens.

Mask API responses 

Make sure that no messages returned by your API or login forms give away clues about valid entries, so that cybercriminals cannot tell which part of a guess was correct.

Several websites already apply this technique. For example, a failed login attempt generates a response such as "The username/password combination is not correct." Responses like this obscure which part of the login failed and make it harder for cybercriminals to gain access to servers.
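As an added example (not code from the original article), the Python sketch below places the leaky login handler described earlier, with its "Username does not exist" message and fast-return timing difference, beside a hardened handler that combines the generic "username/password combination" message, equal password-hashing work for unknown and known usernames, and a login-attempt limit. The user store, the password and the client IP addresses are constructed sample data.

```python
import hashlib
import hmac
import os
from collections import defaultdict

PBKDF2_ROUNDS = 50_000

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

# Constructed sample user store (hypothetical account, not real data).
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash("correct horse", _SALT))}
# Dummy credential: unknown usernames get the same PBKDF2 work as known ones.
_DUMMY = (_SALT, _hash("placeholder", _SALT))

def login_leaky(username: str, password: str) -> str:
    """Vulnerable handler: the early return and the distinct messages tell the
    caller whether the username exists, both by wording and by response time."""
    if username not in USERS:
        return "Username does not exist"          # fast path, no hashing done
    salt, digest = USERS[username]
    if hmac.compare_digest(_hash(password, salt), digest):
        return "OK"
    return "Password incorrect"                    # slow path, full PBKDF2 run

MAX_ATTEMPTS = 5
_failures: dict = defaultdict(int)   # keyed by (username, client_ip)

def login_hardened(username: str, password: str, client_ip: str) -> str:
    """Hardened handler: one generic failure message, the same hashing work on
    every path, and a cap on failed attempts per (username, client IP) pair."""
    key = (username, client_ip)
    if _failures[key] >= MAX_ATTEMPTS:
        return "Too many attempts, try again later"
    # Unknown users fall back to the dummy credential so this path costs the same.
    salt, digest = USERS.get(username, _DUMMY)
    match = hmac.compare_digest(_hash(password, salt), digest)
    if match and username in USERS:              # existence check after hashing, not before
        _failures.pop(key, None)                 # successful login resets the counter
        return "OK"
    _failures[key] += 1
    return "The username/password combination is not correct"
```

Keying the attempt limit on the (username, client IP) pair rather than the username alone stops one source from locking real users out; attempts spread across many addresses still need the WAF and MFA controls described above.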

Incorporate account security into your cybersecurity plans

As the fraud threat landscape of 2022 takes shape, we can see that enumeration attacks will become a major disruptor for businesses.  

To prevent such attacks and maintain the security of business servers, cybersecurity controls that prevent enumeration cyberattacks will be an integral part of your cyber supply chain risk management in 2022. 

Such controls can expand your cyber resilience and ensure that you are adapting to the fraud threat landscape of the next few years.

Securing your servers, however, is not enough. Ensuring that vendors also have similar cybersecurity strategies in place is critical for continued server security and integrity. 

With most businesses operating in a virtual environment, taking measures to shore up weaknesses in virtual platforms is critical for continued business integrity.