A new report by vulnerability management firm Rapid7 found that attackers try very simple usernames and passwords when attempting to break into third-party systems.
The researchers ran a few hundred honeypots over 12 months to examine how attackers try to remotely breach foreign networks through the two most widely used remote administration protocols: Secure Shell (SSH) and Remote Desktop Protocol (RDP).
Interestingly, the threat analysts identified 512 thousand cases in which the attackers submitted credentials taken from the well-known RockYou2021.txt wordlist, which contains close to 8.4 billion passwords used by real users.
"We know now, provably and demonstrably, that nobody — 0% of attackers — is trying to be creative when it comes to unfocused, untargeted attacks across the Internet. Therefore, it's straightforward to avoid this kind of opportunistic attack, and it takes very little effort to take this threat off the table entirely, with modern password managers and configuration controls," Tod Beardsley, director of research at Rapid7, stated.
According to an analysis by cybersecurity firm ESET, attacks exploiting common passwords rose dramatically during the COVID-19 pandemic, with password guessing becoming the most popular attack method in 2021. To infiltrate third-party systems, attackers use usernames such as "user" or "admin" and passwords such as "123456", "123456789" and "qwerty".
This highlights how poorly internet users choose their passwords. In October of last year, a cybersecurity researcher in Tel Aviv, Israel, found he could recover the passwords of 70% of the wireless networks he pedaled past, often because the password was simply a cellphone number.
"With the increasing adoption of both remote work and cloud infrastructures, the number of people accessing corporate information systems across the internet has skyrocketed," Rapid7 added in its report. "As with so many things in security, the addition of convenience and complexity has made the task of protecting these systems far more challenging."
Mitigation Tips
The researchers recommended that organizations lock down RDP: restrict remote access to hosts that have first authenticated through the corporate VPN, and change the default RDP port, which on its own sidesteps many automated attacks. Organizations should also encourage employees to use password managers.
Additionally, businesses can use a free tool such as Defaultinator, which Rapid7 designed to audit SSH and RDP endpoints, to confirm that production systems are not using default passwords.
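A defender-side complement to these tips, added here as an example and not part of the Rapid7 report or its Defaultinator tool: the script below parses constructed OpenSSH log lines and flags any source address that cycles through the common usernames the article names, the signature of the untargeted guessing the honeypots observed. The log format, the sample lines and the username watch-list are assumptions.

```python
import re
from collections import defaultdict

# Usernames the article reports attackers trying (watch-list is an assumption).
COMMON_USERNAMES = {"user", "admin", "root", "test", "guest"}

# Matches OpenSSH "Failed password" events in the usual syslog format.
FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

# Constructed sample log: one automated guesser, one staff typo, one success.
SAMPLE_LOG = """\
Jun 10 03:14:01 bastion sshd[2210]: Failed password for invalid user admin from 198.51.100.23 port 50122 ssh2
Jun 10 03:14:03 bastion sshd[2211]: Failed password for invalid user user from 198.51.100.23 port 50130 ssh2
Jun 10 03:14:05 bastion sshd[2212]: Failed password for root from 198.51.100.23 port 50141 ssh2
Jun 10 03:14:06 bastion sshd[2213]: Failed password for invalid user test from 198.51.100.23 port 50150 ssh2
Jun 10 03:14:09 bastion sshd[2214]: Accepted publickey for deploy from 203.0.113.7 port 41022 ssh2
Jun 10 03:15:40 bastion sshd[2215]: Failed password for alice from 203.0.113.9 port 41100 ssh2
"""


def parse_failures(log_text):
    """Return {source_ip: [usernames attempted, in order]} for failed logins."""
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            attempts[m.group("ip")].append(m.group("user"))
    return dict(attempts)


def flag_guessing_sources(attempts, min_common_users=2):
    """Flag sources that try at least min_common_users distinct well-known names.

    Cycling through "admin", "user", "root", ... from one address is the
    signature of an untargeted guesser, not a legitimate user mistyping.
    """
    flagged = {}
    for ip, users in attempts.items():
        hits = sorted(set(users) & COMMON_USERNAMES)
        if len(hits) >= min_common_users:
            flagged[ip] = hits
    return flagged


if __name__ == "__main__":
    for ip, users in flag_guessing_sources(parse_failures(SAMPLE_LOG)).items():
        print(f"{ip}: tried common usernames {', '.join(users)}")
```

Feeding real sshd output through the same functions (or the RDP equivalent from Windows event logs) gives a quick list of addresses worth rate-limiting or blocking before the VPN and port changes above are rolled out.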