The climate of concern around open source security and supply chain attacks may have caused a small story to become a big one. Read More
Related Posts
Cactus ransomware exploiting Qlik Sense flaws to breach networks
Cactus ransomware exploiting Qlik Sense flaws to breach networks
Cactus ransomware has been exploiting critical vulnerabilities in the Qlik Sense data analytics solution to get initial access on corporate networks. […] Read More
BleepingComputer
IT Admins Set Admin Portal Passwords to ‘admin’ – Almost 40,000 Entries Found
IT Admins Set Admin Portal Passwords to ‘admin’ – Almost 40,000 Entries Found
IT admins can be considered culpable for weak password use if they fail to enforce strong password policies or neglect proper security measures.
Their responsibility includes setting and maintaining robust password standards, implementing multi-factor authentication, and educating users about password security.
Failure to do so can contribute to weak password practices and compromise system security, making IT admins partially responsible for any resulting vulnerabilities or breaches.
Outpost24’s analysis of 1.8 million passwords reveals ‘admin’ as the top choice, with over 40,000 occurrences, highlighting the persistence of default passwords.
Document
FREE Demo
Deploy Advanced AI-Powered Email Security Solution
Implementing AI-Powered Email security solutions “Trustifi” can secure your business from today’s most dangerous email threats, such as Email Tracking, Blocking, Modifying, Phishing, Account Take Over, Business Email Compromise, Malware & Ransomware
Default Passwords
Default passwords are also commonly accepted, according to Outpost24’s Threat Compass data, a solution that identifies compromised credentials for early threat mitigation.
Default passwords, like ‘admin’ or ‘password,’ are predefined and commonly known. They pose a significant security risk, are easy entry points for attackers, and have been prohibited by recent legislation.
However, based on data from credential-stealing malware reveals that many of these passwords could be easily guessed in unsophisticated attacks.
Top 20 Administrator Passwords
Researchers identified administrator passwords from a dataset of 1.8 million passwords collected in 2023.
Here are the top 20 administrator passwords as detected by Outpost24’s Threat Compass:-
admin
123456
12345678
1234
Password
123
12345
admin123
123456789
adminisp
demo
root
123123
admin@123
123456aA@
01031974
Admin@123
111111
admin1234
admin1
Technical analysis
Malware delivery methods vary, from phishing campaigns to specialized tactics. Organized groups like Traffers now use methods such as YouTube videos and Google ads to spread malware through deceptive content, targeting administrators with fake IT tools.
This malware can quietly collect personal data, including:-
Login information
Web browsers data
FTP clients data
Mail client account data
Wallet files
Encryption can be bypassed in certain applications, like Google Chrome, allowing malware to request decryption of stored passwords.
These stolen passwords may end up in a marketplace for sale to attackers for several illicit purposes.
To safeguard passwords and critical business data, there are two key steps:-
Enhancing password security with best practices
Preventing malware infections
Recommendations
Here below we have mentioned all the recommendations below:-
Stay safe with modern endpoint defense and antivirus solutions.
Turn off browser password storage to protect against malware access.
Make sure to confirm the correct site after clicking ads or links.
Always remain vigilant, spotting domain typos and suspicious website signs.
Do not use cracked software or applications.
Reduce targeted attack risk with secure credentials.
Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Take advantage of the free trial to ensure 100% security.
The post IT Admins Set Admin Portal Passwords to ‘admin’ – Almost 40,000 Entries Found appeared first on Cyber Security News.
Cyber Security News
Hackers Impersonating as Security Researcher to Aid Ransomware Victims
Hackers Impersonating as Security Researcher to Aid Ransomware Victims
Hackers impersonate security researchers to exploit trust and credibility. By posing as legitimate figures in the cybersecurity community, they:
Gain access to sensitive information
Manipulate victims into compromising actions
Enhance the success of their malicious activities while evading suspicion
Cybersecurity researchers at Arctic Wolf Labs recently discovered that hackers are actively impersonating security researchers to aid ransomware victims.
Document
Free Webinar
Fastrack Compliance: The Path to ZERO-Vulnerability
Compounding the problem are zero-day vulnerabilities like the MOVEit SQLi, Zimbra XSS, and 300+ such vulnerabilities that get discovered each month. Delays in fixing these vulnerabilities lead to compliance issues, these delay can be minimized with a unique feature on AppTrana that helps you to get “Zero vulnerability report” within 72 hours.
Technical Analysis
Arctic Wolf Labs researchers found ransomware victims getting extorted again, with fake ‘helpers’ promising to delete stolen data.
They posed as security researchers in two cases, offering to hack the original ransomware group’s servers. This is the first known case of a threat actor pretending to be a legitimate researcher and offering to delete hacked data from another ransomware group.
Despite different personalities, the security analysts believe it’s likely the same actor behind both extortion attempts.
Despite appearing distinct, both cases share key elements. Analyzing their communication styles revealed clear similarities.
Besides this, the unique aspects include the following:
Low ransom demands
Masquerading as a legit researcher
Offering data deletion to prevent future attacks
Cases
Here below, we have mentioned the two cases that the cybersecurity researchers identified:
Case 1 – Royal Ransomware Compromise and Ethical Side Group Data Deletion Extortion: In this case, the Ethical Side Group (ESG) told a Royal ransomware victim in October 2023 via email that they had victim data taken by Royal. In 2022, Royal said they deleted it, but ESG falsely blamed TommyLeaks. ESG offered to hack and delete the data from Royal’s server for a fee.
Case 2 – Akira Ransomware Compromise and xanonymoux Data Deletion Extortion: In this case, an entity claiming to be “xanonymoux” told an Akira ransomware victim in November 2023 they had the exfiltrated data Akira denied having. That’s why xanonymoux offered its help to delete the data or grant server access, alleging Akira’s link to the Karakurt extortion group.
Common Threat Actor Behaviors
Here below, we have mentioned all the common threat actor behaviors:
Acting in the role of a security researcher
Defended the right to inspect the computer infrastructure that houses data compromised in the past
Exchanged messages over Tox
Provided as a means of establishing jurisdiction over stolen information
Potential for such attacks in the future due to unresolved security concerns
Quantity of data that was previously extracted
Minimum required payment amount (<= 5 BTC)
ten terms that appear in both the body of the email and the header
Use of file.io to prove victim data access
Decrypting the complicated world of ransomware, RaaS affiliates juggle multiple encryption payloads.
Uncertainty persists about group sanctioning in follow-on extortion. Beware of relying on criminal enterprises to delete data post-payment.
After analyzing the similarities found in the documented cases, Researchers reasonably conclude that a single threat actor has been targeting organizations previously affected by Royal and Akira ransomware attacks. This conclusion is made with a moderate level of confidence. Nevertheless, it remains uncertain if the original ransomware groups authorized the subsequent instances of extortion or if the threat actor operated independently to obtain more funds from the targeted organizations.
Secure Your Network with Network Security Checklist: Download Free E-Book
The post Hackers Impersonating as Security Researcher to Aid Ransomware Victims appeared first on Cyber Security News.
Cyber Security News