Here are hackers' 10 favourite passwords

Heisenberg network reveals stolen credentials most commonly used by cyber criminals

Security firm Rapid 7 has laid bare the passwords hackers most often try as they attempt to break into IT systems.

'X' tops the list of the 10 most common passwords cyber criminals try out, and is followed by Zz, St@rt123, 1, P@ssw0rd, bl4ck4ndwhite, admin, ....... , and administrator.

This is according to Rapid 7's latest paper, The Attacker's Dictionary, which the firm unveiled at RSA Conference 2016.

It focused particularly on credentials attacks on internet-connected point of sale (POS) systems, kiosks, and scamware-compromised PCs that offer Remote Desktop Protocol (RDP) for remote management.

POS units in particular were targeted by many cyber criminals because they can be very lucrative if breached, as several high-profile cases, such as the Target hack, have shown.

Todd Beardsley, senior security research manager at Rapid 7, told IT Pro: "We were expecting to see a flow of 'normally bad' passwords, such as default admin passwords, because that happens all the time - we see it in home routers and SSH and all the other normal control panels.

"The thing that was really surprising, though, is how stupendously bad these passwords are. Normally you have your list of the top ten, which starts with 'password' and this year probably ends with 'starwars'. These passwords are much worse than that."

Usernames were similarly insecure, with the top ten being: administrator, Administrator, user1, admin, alex, pos, demo, db2admin, Admin, and sql.

Rapid 7 believes cyber criminals try these usernames and passwords because they are a mix of defaults that have never been changed (db2admin:db2admin is the default for a number of IBM databases, for example) and credentials chosen to be easy to remember rather than secure.

Additionally, some businesses, especially in retail, may not be able to change their POS systems' credentials from the default to something more secure because these systems are often installed and managed by a third party.

"These companies will often have a good IT admin team in the back, but then you have this sort of shadow POS IT hanging off it that is not getting administered particularly well," said Beardsley.

The data the report is based on was collected by Heisenberg, the company's network of low-interaction honeypots - sites that reside on an IP address only, with no registered URL or domain name - that emulate the authentication handshakes of several protocols to passively monitor the internet for waves of credentials-based attacks.

Given there is no legitimate reason for anyone or anything to attempt to connect to the Heisenberg nodes, as they do not offer any services, Rapid 7 assumed this traffic was malicious.
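
The kind of tally such a honeypot network makes possible can be sketched as follows. This is an added example, not Rapid 7's code or Heisenberg's log format: the line layout, field names and source addresses are constructed for illustration, and every well-formed line is counted as an attack attempt, in line with the assumption described above.

```python
import re
from collections import Counter

# Constructed sample of what a low-interaction honeypot might record.
# The format is hypothetical; addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2016-02-01T10:00:01Z src=203.0.113.5 proto=rdp user=administrator pass=x
2016-02-01T10:00:02Z src=203.0.113.5 proto=rdp user=administrator pass=Zz
2016-02-01T10:00:09Z src=198.51.100.7 proto=rdp user=pos pass=x
2016-02-01T10:01:30Z src=198.51.100.7 proto=rdp user=db2admin pass=db2admin
2016-02-01T10:02:11Z src=192.0.2.44 proto=rdp user=Administrator pass=P@ssw0rd
2016-02-01T10:02:12Z src=192.0.2.44 proto=rdp user=admin pass=admin
garbage line that should be skipped
2016-02-01T10:03:00Z src=192.0.2.44 proto=rdp user=user1 pass=x
"""

# pass= runs to end of line so passwords with punctuation survive intact.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) proto=(?P<proto>\S+) "
    r"user=(?P<user>\S+) pass=(?P<pw>.*)$"
)

def parse(log_text):
    """Yield one dict per well-formed attempt; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()

def summarize(log_text, top_n=3):
    """Build the attacker's dictionary seen in the log, plus per-source counts."""
    attempts = list(parse(log_text))
    # Usernames are counted case-sensitively: the report lists
    # 'administrator', 'Administrator' and 'Admin' as separate entries.
    return {
        "attempts": len(attempts),
        "top_passwords": Counter(a["pw"] for a in attempts).most_common(top_n),
        "top_usernames": Counter(a["user"] for a in attempts).most_common(top_n),
        "sources": dict(Counter(a["src"] for a in attempts)),
        # Pairs where username == password, the unchanged-default pattern.
        "user_equals_password": sorted(
            {a["user"] for a in attempts if a["user"] == a["pw"]}
        ),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```
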

Beardsley said: "We were curious how often opportunistic attacks out on the internet happen and using what protocols - is it mostly HTTP? Is it mostly SSL? - we didn't really know.

"Combining Heisenberg with Operation Sonar, which is sort of the opposite in that it pings the whole internet on a variety of services, I think we can put together a pretty decent picture of what that background radiation is of online crime and fraud."

The Attacker's Dictionary can be downloaded and read in full here.
