Passwords remain a top threat for cybersecurity

A new research showed that 50 percent of government and military employee LinkedIn passwords were weak enough to be cracked in less than two days. The reality that passwords alone can’t offer sufficient protection is sustained also by the Mimikatz credential-stealing malware and the popularity of brute force login attacks against web applications.

Nearly half of government and military employee passwords are weak
The conclusion was made after conducting a thorough analysis of the 2012 LinkedIn data dump in order to check user password strength. Sadly we have to announce that of the 355,023 government and military account passwords within the database, 178,580 were cracked in under two days.
The most common passwords used by these accounts included “123456,” “password,” “LinkedIn,” “sunshine,” and “111111”. The study, not surprisingly found that just over 50 percent of civilian passwords were weak. These findings further illustrate the need for stronger passwords for everyone, and a higher standard of security among public service employees that handle potentially sensitive information.

Mimikatz was the most prevalent malware variant in Q2
Of the top 10 malware variants listed last quarter, Mimikatz is a well-known password and credential stealer that has been popular in past quarters but has never been the top strain. Mimikatz’s dominance reveals that authentication attacks and credential theft are still major priorities for cybercriminals. This also shows that passwords alone are inadequate, and should be fortified with MFA services that make hackers’ lives harder by requiring additional authentication factors in order to successfully log in and access the network.

WEB Brute Force Login -1.1021 is ranked as the fourth most prevalent web attack in particular; the attack enables hackers to execute a massive deluge of login attempts against web applications, leveraging an endless series of random combinations to crack user passwords in a short period of time. This attack, in particular, is another good example which shows the importance of not only password security and complexity but the need for MFA solutions.

Remember everything can be hacked. In order to stay away from any threats related to the cyber world, we recommend the install of antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running. If you are a company, it is also recommended to hire every year a specialized cybersecurity company that will run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests;

Malicious crypto miners are continuing to grow in popularity as a hacking tactic, too. For example, Cryptominer.AY, which matches a JavaScript crypto miner called Coinhive and uses its victims’ computer resources to mine the popular privacy-focused cryptocurrency, Monero (XRM), shows that victims in the United States were the top geographical target for this crypto miner, receiving approximately 75 percent of the total volume of attacks.

Hackers also continue to use infected Office documents, that are exploiting old vulnerabilities in the popular Microsoft product to fool unsuspecting victims. Interestingly is the fact that three new Office malware exploits represent the 75 percent of attacks from targeted EMEA victims, which had a heavy focus on users in Germany specifically.

We would continue to monitor this cyber problem. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac in every device that you own, depending on which OS your machine is running, If you are a company we recommend to hire every year a specialized cybersecurity company that will run annual tests on your company’s network, tests like this include: penetration testing and ethical hacking.