Which are the most used passwords in opportunistic criminal attacks?

Which usernames and passwords do attackers use when they scan the internet indiscriminately? Take a look at the Rapid7 report.

Splashdata recently revealed in its annual report the worst passwords of 2015 (“123456” and “password”); today I want to present a new and interesting study on passwords conducted by Rapid7.

The experts used Heisenberg, a network of low-interaction honeypots that recorded the most common credentials attackers used against Internet-exposed systems.

The research conducted by Rapid7 focused on brute-force attacks that tried to guess Remote Desktop Protocol (RDP) credentials on home control, point-of-sale (PoS) and kiosk systems.

“Attackers do not merely pick random strings as passwords (or usernames). Such brute force attacks are process intensive, time consuming, and tend to have very poor performance from the attacker’s point of view. Instead, attackers in our data set were clearly conducting dictionary attacks; i.e. they were using chosen usernames and passwords that have an assumed high likelihood of success when applied to a target system.” states the report published by Rapid7.

The experts analyzed more than 221,000 attacks from 119 different countries observed between March 2015 and February 2016. 40 percent of the attacks came from China, followed by the United States with 25 percent of attempts, South Korea with 6 percent, the Netherlands with 5 percent and Vietnam with 3 percent.

The most common usernames attempted by attackers were “administrator” and “Administrator” (60% combined); other frequent usernames were “user1,” “admin,” “alex,” “pos,” “demo,” “db2admin,” “Admin” and “sql.”

The most common passwords were “x” (5.36%), “Zz” (4.79%) and “St@rt123” (3.62%).

“Truly, the surprising detail to be uncovered here is just how weak these passwords are. One or two characters, easily guessed strings, and a strange appearance of a series of dots. Since these passwords were deliberately chosen by the various scanners which ran up against Heisenberg, it implies that the default and common passwords to several POS and kiosk systems are chosen out of convenience, rather than security.” continues the report.
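As an added example (not code from the article or the Rapid7 report), the following Python script turns the report's observation into a check a defender can run over their own RDP logs: it parses constructed Windows failed-logon records (Event ID 4625 with logon type 10, flattened to one line each; this line format is an assumption) and flags source addresses whose failures cycle through the usernames the report lists as most attempted.

```python
import re
from collections import defaultdict

# Constructed sample of Windows Security log lines (Event ID 4625 = failed logon,
# LogonType 10 = RemoteInteractive/RDP), flattened to one line each. These are
# made-up records, not data from the article or from Heisenberg.
SAMPLE_LOG = """\
2016-02-11T03:12:01 EventID=4625 LogonType=10 TargetUserName=administrator IpAddress=203.0.113.7
2016-02-11T03:12:02 EventID=4625 LogonType=10 TargetUserName=Administrator IpAddress=203.0.113.7
2016-02-11T03:12:03 EventID=4625 LogonType=10 TargetUserName=admin IpAddress=203.0.113.7
2016-02-11T03:12:04 EventID=4625 LogonType=10 TargetUserName=pos IpAddress=203.0.113.7
2016-02-11T03:12:05 EventID=4625 LogonType=10 TargetUserName=administrator IpAddress=203.0.113.7
2016-02-11T03:12:06 EventID=4625 LogonType=10 TargetUserName=sql IpAddress=203.0.113.7
2016-02-11T09:30:00 EventID=4625 LogonType=10 TargetUserName=jsmith IpAddress=198.51.100.23
2016-02-11T09:30:41 EventID=4624 LogonType=10 TargetUserName=jsmith IpAddress=198.51.100.23
"""

# Usernames the article reports as the most frequently attempted against Heisenberg.
REPORT_USERNAMES = {"administrator", "user1", "admin", "alex", "pos", "demo", "db2admin", "sql"}

LINE_RE = re.compile(
    r"EventID=(?P<event>\d+)\s+LogonType=(?P<ltype>\d+)\s+"
    r"TargetUserName=(?P<user>\S+)\s+IpAddress=(?P<ip>\S+)"
)

def parse_failed_rdp_logons(text):
    """Yield (ip, username) for every failed (4625) RDP (logon type 10) attempt."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m and m.group("event") == "4625" and m.group("ltype") == "10":
            yield m.group("ip"), m.group("user")

def find_dictionary_sources(text, min_failures=5, min_report_hits=2):
    """Return {ip: summary} for sources whose failed RDP logons look like a
    dictionary attack: many failures, several of them against usernames from
    the report's top-attempted list."""
    by_ip = defaultdict(list)
    for ip, user in parse_failed_rdp_logons(text):
        by_ip[ip].append(user)
    flagged = {}
    for ip, users in by_ip.items():
        # Case-insensitive match: the report counts "administrator" and "Administrator" together.
        report_hits = {u.lower() for u in users if u.lower() in REPORT_USERNAMES}
        if len(users) >= min_failures and len(report_hits) >= min_report_hits:
            flagged[ip] = {"failures": len(users), "distinct_users": len(set(users)),
                           "report_hits": sorted(report_hits)}
    return flagged

if __name__ == "__main__":
    for ip, info in find_dictionary_sources(SAMPLE_LOG).items():
        print(f"{ip}: {info}")
```

A single user's mistyped password (198.51.100.23 above) stays below both thresholds, while the scanner-style source that walks the report's username list is flagged.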


The experts used Dropbox’s zxcvbn library to measure password complexity, finding that fewer than 9 percent of the passwords used by attackers received the highest score, while 14.3 percent scored “3.”

“Zxcvbn is hosted on a GitHub repository and was released by Dropbox with a permissive open source license. Rapid7 data scientists and software engineers absolutely love well-cared-for open source projects, so we have adopted zxcvbn as a means to measure the complexity of Heisenberg-collected passwords. By running our collected passwords through zxcvbn, we can approximate “complexity” with zxcvbn’s crackability score.”


Pierluigi Paganini

(Security Affairs – Worst passwords, cyber crime)