Security researchers found that IT administrators are using tens of thousands of weak passwords to protect access to portals, leaving the door open to cyberattacks on enterprise networks. Out of more than 1.8 million administrator credentials analyzed, over 40,000 entries were "Admin," showing that the default password is widely accepted by IT administrators. The authentication data was collected between January and September this year through Threat Compass, a threat intelligence solution from cybersecurity company Outpost24. Outpost24 says that the authentication credentials come from information-stealing malware, which typically targets applications that store usernames and passwords. Although the collected data was not in plain text, the researchers say that "Most of the passwords in our list could have been easily guessed in a rather unsophisticated password-guessing attack." "To narrow down our password list to administrator passwords, we searched the statistical data stored in the Threat Compass backend for pages identified as Admin portals. We found a total of 1.8 million passwords recovered in 2023" - Outpost24. Depending on its purpose, an admin portal could provide access related to configuration, accounts, and security settings. It could also allow tracking customers and orders, or provide a means for create, read, update, delete operations for databases. The researchers warn that although the entries above are "Limited to known and predictable passwords," they are associated with admin portals, and threat actors are targeting privileged users. Defending the enterprise network starts with applying baseline security principles like using long, strong, and unique passwords for every account, especially for users with access to sensitive resources. To keep safe from info-stealing malware, Outpost24 recommends using an endpoint and detection response solution, disabling password saving and auto-fill options in web browsers, checking domains when a redirection occurs, and steering away from cracked software. Fighting off cyberattacks? Make sure user credentials aren't compromised. Can we fix the weaknesses in password-based authentication? Are your end-users' passwords compromised? Here's how to check. Okta: Hackers target IT help desks to gain Super Admin, disable MFA..
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000