During internal pentests, i.e. penetration tests conducted inside enterprise networks, attempts to obtain user credentials succeeded in 96% of cases, and the main weakness in protection was overly simple user passwords, said Catherine Milusheva, head of the research group in the information security analytics department at Positive Technologies. The experts also named the most popular of these passwords.
“The results of the internal and external penetration tests our experts conducted last year showed that one of the most popular password formats is a month name followed by a year, typed in the Latin keyboard layout, for example Ltrf,hm2019 or Fduecn2019. Such passwords were found in every third company, and within a single organization they were matched for more than 600 users,” Milusheva explained in a conversation with the Prime news agency.
When trying to capture credentials, attackers first use the brute-force method, i.e. the automated entry of the most popular simple passwords. If none of these work, social engineering is used, i.e. guessing the password from the user’s personal data: first name, surname, year of birth, said Evgeny Lifshitz, head of the Cybersecurity Agency and member of the expert council of the State Duma Committee on Information Policy.
“So one can give a definite recommendation: do not use default passwords and do not use weak passwords, which will be broken first of all. These are digit sequences such as 12345, dates of birth such as 01.01.1990, phone numbers, and simple words like password or qwerty,” the expert said.
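The two weak-password families described above (a Russian month name typed in the Latin layout plus a year, and the digit sequences, dates and dictionary words Lifshitz lists) can be caught at password-change time by a simple policy check. The following is an added example, not code from the article or from the companies it quotes; the keyboard-layout mapping is the standard ЙЦУКЕН/QWERTY correspondence, and the word list is a constructed minimal one.

```python
import re

# Russian ЙЦУКЕН keys and the Latin QWERTY keys on the same physical positions
_RU = "йцукенгшщзхъфывапролджэячсмитьбю"
_EN = "qwertyuiop[]asdfghjkl;'zxcvbnm,."
_RU2LAT = dict(zip(_RU, _EN))
_MONTHS_RU = ["январь", "февраль", "март", "апрель", "май", "июнь", "июль",
              "август", "сентябрь", "октябрь", "ноябрь", "декабрь"]
_COMMON_WORDS = {"password", "qwerty"}   # the words named in the article (constructed list)


def ru_to_latin_layout(word):
    """Spell a Cyrillic word as it comes out when typed with the Latin layout active."""
    return "".join(_RU2LAT.get(ch, ch) for ch in word.lower())


# Latin-layout spelling of each month: 'ltrf,hm' -> 'декабрь', 'fduecn' -> 'август'
_MONTH_BY_LATIN = {ru_to_latin_layout(m): m for m in _MONTHS_RU}


def weak_month_year(password):
    """Return (month, year) when the password is a month name, in Cyrillic or in its
    Latin-layout spelling, followed by a two- or four-digit year; otherwise None."""
    m = re.fullmatch(r"(\D+)(\d{4}|\d{2})", password)
    if not m:
        return None
    word, year = m.group(1).lower(), m.group(2)
    if word in _MONTHS_RU:
        return word, year
    if word in _MONTH_BY_LATIN:
        return _MONTH_BY_LATIN[word], year
    return None


def weakness(password):
    """Classify a password against the patterns the article lists.
    Returns a short reason string, or None when nothing matched."""
    p = password.lower()
    if p.isdigit() and (p in "0123456789" * 2 or p in "9876543210" * 2):
        return "digit sequence"
    if re.fullmatch(r"\d{2}\.\d{2}\.\d{4}", p):
        return "looks like a date of birth"
    if re.sub(r"\d+$", "", p) in _COMMON_WORDS:   # also catches 'password2019'
        return "common word"
    hit = weak_month_year(password)
    if hit:
        return "month+year (%s %s)" % hit
    return None
```

In practice the word list would be replaced by a full breached-password dictionary; the layout trick generalizes to any word list by passing it through `ru_to_latin_layout`.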
Passwords of the “name + year of birth” type, or the names of loved ones, are also unreliable: such data is easy to find in the public domain, for example on social networks. According to DeviceLock founder Ashot Oganesyan, passwords consisting of random letters, digits and symbols can be considered strong; the length of the password also matters here.
As NEWS.ru reported earlier, the daily number of attacks using password guessing (brute force) increased as companies moved to working from home. The figure reached 100 thousand computers. Because of the move to remote work, the IT departments of many companies give employees remote access to the corporate network and sensitive data from home devices via Remote Desktop Protocol (RDP). As ESET’s experts note, the weak link is often the staff, who use weak passwords and do not use two-factor authentication tools, and cybercriminals take advantage of this.