A new security research reveals that the biggest threat to cyber security is password inadequacy, as a result of which organizations should adopt multi-factor authentication system. The findings, according to WatchGuard Technologies’ Internet Security Report revealed that 50 percent of government and military employees’ LinkedIn passwords were weak enough to be cracked in less than two days.
This finding, along with the emergence of the Mimikatz credential-stealing malware as a top threat and the popularity of brute force login attacks against web applications, underscores the reality that passwords alone can’t offer sufficient protection, and emphasizes the need for multi-factor authentication (MFA) solutions in every organization.
“Authentication is the cornerstone of security, and we’re seeing overwhelming evidence of its critical importance in the common trend of password- and credential-focused threats throughout the second quarter of this year,” said Corey Nachreiner, CTO at WatchGuard Technologies.
“Whether it’s an evasive credential-stealing malware variant or a brute force login attack, cyber criminals are laser-focused on hacking passwords for easy access to restricted networks and sensitive data,” he added.
The top takeaways from the Q2 2018 report include:
· Roughly half of government and military employee passwords are weak. After conducting a thorough analysis of the 2012 LinkedIn data dump to identify trends in user password strength, WatchGuard’s Threat Lab team found that half of all passwords associated with “.mil” and “.gov” email address domains within the database were objectively weak. Of the 355,023 government and military account passwords within the database, 178,580 were cracked in under two days. The most common passwords used by these accounts included “123456,” “password,” “linkedin,” “sunshine,” and “111111.”
Conversely, the team found that just over 50 percent of civilian passwords were weak. These findings further illustrate the need for stronger passwords for everyone, and a higher standard for security among public service employees that handle potentially sensitive information. In addition to better password training and processes, every organization should deploy multi-factor authentication solutions to reduce the risk of a data breach.
· Mimikatz was the most prevalent malware variant in Q2. Representing 27.2 percent of the top 10 malware variants listed last quarter, Mimikatz is a well-known password and credential stealer that has been popular in past quarters, but has never been the top strain. This surge in Mimikatz’s dominance suggests that authentication attacks and credential theft are still major priorities for cyber criminals – another indicator that passwords alone are inadequate as a security control, and should be fortified with MFA services that make hackers’ lives harder by requiring additional authentication factors in order to successfully login and access the network.
· More than 75 percent of malware attacks are delivered over the web. A total of 76 percent of threats from Q2 were web-based, suggested that organizations need an HTTP and HTTPS inspection mechanism to prevent the vast majority of attacks. Ranked as the fourth most prevalent web attack in particular, “WEB Brute Force Login -1.1021″ enables attackers to execute a massive deluge of login attempts against web applications, leveraging an endless series of random combinations to crack user passwords in a short period of time. This attack in particular is another example of cyber criminals’ heightened focus on credential theft, and shows the importance of not only password security and complexity, but the need for MFA solutions as a more effective preventative measure.
· Cyber criminals continue to rely on malicious Office documents. Threat actors continue to booby-trap Office documents, exploiting old vulnerabilities in the popular Microsoft product to fool unsuspecting victims. Interestingly, three new Office malware exploits made WatchGuard’s top 10 list, and 75 percent of attacks from these attacks targeted EMEA victims, with a heavy focus on users in Germany specifically.
Nachreiner concluded that every organization, big or small, should seek out vendor and solution provider partners that offer layered protection against these ever-evolving attack techniques.