What is an "automated dictionary attack via web"?

This article will explain the ACSIA alert called "Automated dictionary attack via web".

Explaining the automated dictionary attack via web

An "automated dictionary attack via web" refers to a method used by attackers to gain unauthorized access to a user's online accounts or systems by systematically trying a large number of commonly used passwords.

To understand this type of attack, let's break it down:

"Automated": It means that the attack is carried out by a computer program or script rather than a human. The attacker uses software that automatically tries a vast number of password combinations without requiring manual input for each attempt.

"Dictionary attack": In this context, a dictionary refers to a list of commonly used words or passwords. A dictionary attack involves using such a list to systematically guess passwords. Attackers typically use dictionaries that contain thousands or millions of words, including common passwords, known phrases, and variations of them.

"Via web": This specifies the method of attack, which is through a web-based interface. Attackers attempt to access user accounts by submitting different password guesses to web-based login forms or authentication mechanisms, such as login pages on websites or web applications.

Here's an example to help illustrate this type of attack:

Let's say we have an online account with a popular e-commerce website. An attacker, using an automated dictionary attack via the web, targets our account. They have a program that tries thousands of passwords from a pre-compiled list, including common passwords like "password123" or "123456". The attacker's program automatically submits these password guesses to the login page of the website, hoping to find a match.

The automated program can try passwords at a high speed, making it possible to test a significant number of combinations within a short period. If the attacker's program successfully matches our account's password with one from the dictionary, they gain unauthorized access to our account and can potentially perform malicious activities, such as stealing personal information, making unauthorized purchases, or impersonating us.

ACSIA alerts you when you're under an automated dictionary attack via web. Here's all the information that ACSIA shows you in the Live Notification:

Also, on the right of the above screen, we can see the actions that a user can perform in such cases.

