At LexBlog, we are constantly monitoring systems for unwanted activity. Cyber attacks of one type or another hit our network every week. Our systems and the partners we work with help keep those events from becoming real problems. This situation is an unfortunate reality of doing business on the Internet today.
We are currently monitoring an uptick in “drip” attacks or “slow brute force” attacks on our network, where malicious bots cycle through known pairs of usernames and passwords at a relatively low rate of speed. The login credentials are available on the Dark Web. Attackers try these pairs on other websites in hopes that people re-use the same credentials elsewhere. These “drip” attacks typically fly under the radar because they more closely resemble legitimate web user traffic. They are harder to detect, but our technology team doesn’t rest and rely on what worked yesterday.
In response to this and the other-all state of online security, we are investigating several ways to monitor and mitigate attacks like this in the future. You can expect a requirement to complete captcha as part of the login process across all plans and products soon. Enterprise customers also have the added, optional feature of using two-factor authentication—which we highly recommend activating.
We will introduce more mitigation options to all users in the months ahead. If you have any questions, please reach out to our Customer Success team via email at firstname.lastname@example.org or call 1-800-913-0988.