Passwords, you can’t live with them and most organizations seem to be lagging when it comes to living without them. Despite the best efforts of industry giants to convince us that passkeys are the future right now, we seem to be stuck in a password time warp. And that, dear reader, is very bad news indeed. Just look at the facts, whether in the form of 50% of internet users reusing the same password across services, phishing attacks that can bypass email security protections, or stolen passwords being used in most ransomware attacks. Talking of which, with 244 million passwords stolen from a crime forum and shared online, and infostealer malware behind the theft of a staggering 3.9 billion passwords in all, you really cannot ignore the dangers of poor password hygiene any longer. If you want any further proof, security researchers have just confirmed the discovery of 85 million new compromised passwords and analyzed how they are being used in attacks against enterprise networks.
85 Million Compromised Passwords Added To Breached List
With the addition of some 85 million compromised passwords to the Specops breached password protection service on March 18, detected through a combination of honeypots and threat intelligence sources, the time to start taking password security seriously has long since passed. Heck, you’ve only got to look at the passwords that are actively being used to attack enterprise Remote Desktop Protocol ports right now to understand that.
Specops has revealed that the top ten passwords observed in RDP port brute force attacks are, and I hope you are ready for this staggering display of security-stupid: 123456, 1234, Password1, 12345, P@ssw0rd, password, Password123, Welcome1, 12345678 and Aa123456.
The list was compiled after Specops researchers analyzed a subset of NTLMv2 hashes spanning from late 2024 to date. These had to be cracked by the researchers, which was necessary to isolate the hashes relating to RDP attacks in particular. “So, bear in mind this data is illustrative of recent login attempts against the RDP port of said honeypots,” the researchers said, “rather than the full dataset.” This, somehow, doesn’t leave me feeling any better about password security.
Why Hackers Target RDP Passwords And The Mitigations Available
According to the Specops research team report, the reason for the attacks targeting RDP ports is quite simple. They are used to provide access to remote and hybrid workers. “The RDP port can also give remote servers the ability to provide maintenance, set up, and troubleshooting,” the report said, “regardless of their location. It offers an easy way to remotely connect to corporate environments, which unfortunately also makes it a target for hackers.”
If an RDP port is exposed, then it is fair game for the brute-force password hackers. “Additionally,” the researchers warned, “attackers may conduct password spraying attacks on RDP servers and try known breached credentials on exposed servers.”
Specops recommended the following mitigations against these kinds of RDP brute force attacks using compromised passwords: enable push-spam-resistant multi-factor authentication for RDP connections, keep your servers and clients patched and up to date, check for misconfigurations and “block the use of weak and compromised passwords in your Active Directory.”
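The two attack patterns described above, brute force against one account and password spraying across many, leave distinct footprints in the Windows Security log, and telling them apart is the first step in deciding whether to block a source or reset accounts. The following is an added example (not Specops’ code) that classifies failed RDP logons from constructed, simplified event records (EventID 4625 with LogonType 10); the thresholds and the shape of the event dictionaries are assumptions.

```python
from collections import defaultdict

# Constructed sample events in a simplified form. The real fields live in the
# Windows Security log: EventID 4625 = failed logon, LogonType 10 = RDP.
def _ev(ip, user, logon_type=10, event_id=4625):
    return {"ip": ip, "user": user, "type": logon_type, "id": event_id}

SAMPLE_EVENTS = (
    [_ev("203.0.113.7", "administrator")] * 8                 # one account hammered
    + [_ev("198.51.100.9", u) for u in
       ("alice", "bob", "carol", "dave", "erin", "frank")]     # one try per account
    + [_ev("192.0.2.5", "alice", event_id=4624)]               # success: not a failure
    + [_ev("192.0.2.6", "bob", logon_type=3)]                  # network logon, not RDP
)

def classify_rdp_failures(events, bf_threshold=5, spray_threshold=5):
    """Split failed RDP logons into the two patterns the article describes:
    brute force (many tries on one account from one source) and password
    spraying (few tries each across many accounts from one source).
    Returns {"brute_force": {(ip, user): count}, "spray": {ip: n_accounts}}.
    Thresholds are assumed values; tune them to your environment."""
    tries_per_pair = defaultdict(int)
    accounts_per_ip = defaultdict(set)
    for e in events:
        if e["id"] != 4625 or e["type"] != 10:
            continue  # keep only failed RemoteInteractive (RDP) logons
        user = e["user"].lower()  # AD account names are case-insensitive
        tries_per_pair[(e["ip"], user)] += 1
        accounts_per_ip[e["ip"]].add(user)
    brute = {pair: n for pair, n in tries_per_pair.items() if n >= bf_threshold}
    spray = {ip: len(users) for ip, users in accounts_per_ip.items()
             if len(users) >= spray_threshold}
    return {"brute_force": brute, "spray": spray}

if __name__ == "__main__":
    print(classify_rdp_failures(SAMPLE_EVENTS))
```

Run against the constructed sample, the hammered administrator account and the six-account spray are reported separately, while the successful logon and the non-RDP failure are ignored.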