New research from Outpost24 concludes that IT administrators may be as careless as the other employees regarding password security. An analysis of over 1.8 million passwords exposes this trend.
Top Administrator Passwords
Here are the top 15 administrator passwords discovered by Outpost24:
- admin
- 123456
- 12345678
- 1234
- Password
- 123
- 12345
- admin123
- 123456789
- adminisp
- demo
- root
- 123123
- admin@123
- 123456aA@
While these findings predominantly consist of well-known and predictable passwords, their association with admin portals highlights the vulnerability of privileged users to hacking attempts.
Understanding Password-Stealing Malware
Malware exists in various forms and can infiltrate systems through diverse social engineering tactics. Once installed, this malware covertly resides in the background, collecting personal information, including logins from the victim’s computer for applications like web browsers, FTP clients, mail clients, and wallet files. The malware can circumvent encryption mechanisms, revealing plaintext passwords depending on the application. Subsequently, these stolen passwords eventually wind up on the black market, where they are sold to the highest bidder for use in account takeover or credential stuffing attacks.
Lessons from the Microsoft Exchange Password Hack
In March 2021, Microsoft experienced a significant incident involving a cyberattack on its Exchange email software. This breach was attributed to the Chinese hacking group Hafnium, and its consequences were far-reaching.
The attack targeted hundreds of thousands of on-premises servers across the United States that were running Microsoft Exchange, affecting businesses, local governments, and government agencies. The breach exposed sensitive email communications within these organizations, underscoring the need for enhanced security measures.
Hafnium’s intrusion occurred through two primary avenues. Firstly, they exploited an undisclosed vulnerability within Microsoft Exchange, providing them with unauthorized server access. Secondly, stolen passwords were employed to infiltrate the targeted systems. Once inside, the attackers established remote access points known as “web shells” around these servers, allowing them to pilfer email data from the compromised organizations.
Centraleyes Password Security Recommendations
- Staying informed about evolving trends in the cybercriminal landscape is essential. A threat intelligence solution can help identify emerging threats and necessary security measures.
- Timely Patching: Admins must ensure that software and systems are updated promptly with security patches to address known vulnerabilities.
- Strong, Unique Passwords: Admins should use strong, unique passwords that are difficult for attackers to guess. Avoid common, easily guessable passwords.
- Multi-Factor Authentication: Enabling MFA is a critical layer of defense. Even if an admin’s password is compromised, MFA provides an additional barrier to unauthorized access.
- Regular Password Rotation: Admins should periodically change their passwords to reduce the risk associated with stolen credentials.
