Page 24 - GP Fall 2020 (www.nysagd.org)

cluding any open ports. This is a valuable first step because bad actors can use IP scanners to search for vulnerable targets.

In a study conducted by Rapid7, a security research group, honeypots were set up with unpublished IP addresses. This was done so that the only “hits” would come from services that were scanning a wide range of IP addresses, presumably searching for something to attack. When a bad actor attempted to make a connection, the honeypot captured the attacker’s background information.

The research conducted by Rapid7 included how attackers attempted to break into the honeypots by guessing passwords. They first determined how many possible targets were on the Internet running RDP. They discovered almost 11 million different IP addresses of devices listening for this type of traffic, spread out worldwide. Finding a port that is ‘listening’ for traffic is job 1 for hackers.

“After 334 days, the honeypots recorded 221,203 different login attempts, an average of 662 attempts each day. These attempts came from 5,076 distinct IP addresses from 119 different countries. The attackers used 1,806 different usernames and 3,969 different passwords.”⁸

The Rapid7 analysis revealed some interesting findings. Almost 40 percent of the attacks originated from China and 24 percent from the United States. They also found that the most commonly attempted user names were “administrator” (34 percent), “Administrator” (24 percent), “user1” (3 percent), and “admin” (2 percent). (Figure 2)

To be sure, passwords were also ranked. Rapid7 found that “x” (5.3%), “Zz” (4.8%), “St@rt123” (3.6%), “1” (2.6%), “P@sswOrd” (2.5%) and “bl4ck4ndwhite” (2.3%) were the top six passwords used in the attacks. (Figure 3) Certainly, this points up the fact that a weak password is literally an open door for bad actors.

Figure 2. Username frequency. (From: https://blog.rapid7.com/2016/03/01/the-attackers-dictionary/)

Figure 3. Password frequency. (From: https://blog.rapid7.com/2016/03/01/the-attackers-dictionary/)

Password Cyberhygiene

To check if your password is weak you can go to an online password checker like passwordmeter.com and check the strength of your passwords. Various password checkers will give you a report on how difficult your password is and how much computer power it will take to crack it. Each will have more nuanced information; so, for instance, the password “qwerty123” returned a 41% score on passwordmeter.com (Figure 4), while howsecureismypassword.net rated it “your password would be cracked INSTANTLY.” (Figure 5)

To find out how long it would take a bad actor to crack a password similar to yours (don’t put your real passwords in to check), go to my1login.com. At this site, the password ‘qwerty’ was instantly cracked, but a new password, “Mndfiafbd12”, ranks in at 11 thousand years. (Figure 6) It comes from ‘My new dog Fido is a French bull dog 12’ (he weighs 12 pounds). This is an initialism, and if we add just a single symbol like the pound sign, “#”, the ‘time to crack’ increases to 1 million years. Certainly enough time to comfortably retire your system.

There is also another little trick that you can use to make passwords harder to crack. Create a non-standard character. These are characters that are created when you press the Alt key; for instance, “Alt-156” creates the symbol ‘£’. This creates a character that falls further outside the domain of ‘usu-

Figure 4. (From: http://www.passwordmeter.com/)
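The kind of comparison the Password Cyberhygiene section walks through (‘qwerty’ against the initialism ‘Mndfiafbd12’, then the same password with one added symbol), as an added example that is not from the article or from any of the checker sites it names. It assumes a brute-force search over the character classes present in the password and a constructed guessing rate of 10 billion guesses per second, so its year figures illustrate the ratios rather than reproduce my1login.com’s numbers; its dictionary is the six Rapid7 passwords quoted above.

```python
import math
import string

# Constructed from the page: the six most-tried passwords in Rapid7's honeypot data.
RAPID7_TOP_PASSWORDS = {"x", "Zz", "St@rt123", "1", "P@sswOrd", "bl4ck4ndwhite"}
# Assumed offline guessing rate (guesses/second); an illustrative figure, not from the page.
ASSUMED_GUESSES_PER_SECOND = 10_000_000_000
SECONDS_PER_YEAR = 365 * 24 * 3600
CHARACTER_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
                     string.digits, string.punctuation)

def initialism(phrase: str, suffix: str = "") -> str:
    """First letter of each word, as the article builds 'Mndfiafbd12' from
    'My new dog Fido is a French bull dog' + '12' (inner words lowercased)."""
    letters = [word[0] for word in phrase.split()]
    return letters[0].upper() + "".join(letters[1:]).lower() + suffix

def alphabet_size(password: str) -> int:
    """Size of the character classes an attacker must search to cover this password."""
    size = sum(len(cls) for cls in CHARACTER_CLASSES if any(c in cls for c in password))
    if any(ord(c) > 127 for c in password):
        size += 128  # assumed extra class for alt-code characters such as the pound symbol
    return size

def years_to_exhaust(password: str, rate: int = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Years to try every string of this length over this alphabet at the assumed rate."""
    return alphabet_size(password) ** len(password) / rate / SECONDS_PER_YEAR

def assess(password: str) -> dict:
    """What a simple checker can report: search-space bits, brute-force years, dictionary hit."""
    bits = len(password) * math.log2(alphabet_size(password))
    listed = password in RAPID7_TOP_PASSWORDS
    if listed:
        verdict = "in the attackers' dictionary: guessed before any brute force"
    elif bits < 40:
        verdict = "weak"
    elif bits < 64:
        verdict = "fair"
    else:
        verdict = "strong"
    return {"bits": round(bits, 1), "years": years_to_exhaust(password),
            "in_attacker_dictionary": listed, "verdict": verdict}

if __name__ == "__main__":
    base = initialism("My new dog Fido is a French bull dog", "12")
    for pw in ("qwerty", "P@sswOrd", base, base + "#"):
        print(f"{pw!r}: {assess(pw)}")
```

The output makes one point the article only implies: “P@sswOrd” scores as many bits as a fair password yet is guessed first because it sits in the attackers’ list, which is why a checker needs a dictionary lookup and not only a search-space estimate.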