During a log review, what type of attack is indicated by repeated invalid login attempts from the same user?

A brute-force attack is characterized by an attacker systematically attempting numerous combinations of usernames and passwords in order to gain unauthorized access to an account. When there are repeated invalid login attempts from the same user, it suggests that there is an effort to guess the password. This aligns directly with the behavior of a brute-force attack, as the attacker is trying each possible password until the correct one is found.

In cases of brute-force attacks, the attacker usually does not have prior knowledge of the password, which means they are relying on trying many different combinations within a given timeframe. The significant number of incorrect attempts typically points to the brute-force method since the alternative would be a successful login if the correct password were known, or sudden changes in login patterns which could indicate other types of attacks.

In contrast, other types of attacks such as pass-the-hash attacks involve using hashed credentials to log in without needing to guess the password, while man-in-the-middle attacks often do not involve repetitive login attempts—rather, they intercept communications between two parties. Dictionary attacks, while similar to brute-force in the sense of trying multiple passwords, utilize a predefined list of commonly used passwords, making them more specific and likely not indicated by straight serial invalid attempts from the same user without indicating typical