Article Details

Original Article Text

Over 40,000 admin portal accounts use 'admin' as a password.

Security researchers found that IT administrators are using tens of thousands of weak passwords to protect access to portals, leaving the door open to cyberattacks on enterprise networks.

Out of more than 1.8 million administrator credentials analyzed, over 40,000 entries were “admin,” showing that the default password is widely accepted by IT administrators.

Default and weak passwords

The authentication data was collected between January and September this year through Threat Compass, a threat intelligence solution from cybersecurity company Outpost24.

Outpost24 says that the authentication credentials come from information-stealing malware, which typically targets applications that store usernames and passwords.

Although the collected data was not in plain text, the researchers say that “most of the passwords in our list could have been easily guessed in a rather unsophisticated password-guessing attack.”

“To narrow down our password list to administrator passwords, we searched the statistical data stored in the Threat Compass backend for pages identified as Admin portals. We found a total of 1.8 million passwords recovered in 2023 (January to September)” - Outpost24

Depending on its purpose, an admin portal could provide access related to configuration, accounts, and security settings. It could also allow tracking customers and orders, or provide a means for create, read, update, delete (CRUD) operations for databases.

After analyzing the collection of authentication credentials for admin portals, Outpost24 created a top 20 of the weakest authentication credentials:

The researchers warn that although the entries above are “limited to known and predictable passwords,” they are associated with admin portals, and threat actors are targeting privileged users.

Defending the enterprise network starts with applying baseline security principles like using long, strong, and unique passwords for every account, especially for users with access to sensitive resources. To keep safe from info-stealing malware, Outpost24 recommends using an endpoint detection and response solution, disabling password saving and auto-fill options in web browsers, checking domains when a redirection occurs, and steering away from cracked software.
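
As an added illustration of the "long, strong, and unique" baseline above (not code from Outpost24 or the original article), a check run when an admin password is set can reject default and predictable values, including simple variants such as appended digits or character substitutions. The denylist entries other than "admin", the 12-character minimum, and the function names are assumptions.

```python
import re
import unicodedata

# Constructed sample denylist; only "admin" is named in the article. In practice,
# load a much larger list of default and commonly used passwords.
DENYLIST = {"admin", "password", "administrator", "root", "changeme"}

# Common character substitutions undone before comparing against the denylist.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "i", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})

MIN_LENGTH = 12  # assumed policy value, not taken from the article


def _variants(password):
    """Yield normalized forms of the password to compare against weak words."""
    base = unicodedata.normalize("NFKC", password).casefold()
    yield base
    # Drop trailing digits and punctuation, e.g. "admin2023!" -> "admin".
    stripped = re.sub(r"[\d\W_]+$", "", base)
    yield stripped
    # Undo substitutions, e.g. "p@ssw0rd" -> "password".
    yield base.translate(LEET)
    yield stripped.translate(LEET)


def check_admin_password(username, password):
    """Return a list of policy violations; an empty list means accepted."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    # A password derived from the account name is as guessable as a default.
    weak = DENYLIST | {username.casefold()}
    if any(v in weak for v in _variants(password)):
        problems.append("default_or_predictable")
    return problems
```

Length alone does not catch padded defaults, which is why the variants are compared in addition to the raw value.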

Daily Brief Summary

CYBERCRIME // Over 40,000 IT administrator system accounts found using 'Admin' as Password

Security researchers analyzed over 1.8 million admin credentials and found over 40,000 entries using “admin” as the password, increasing vulnerability to potential cyberattacks.

The authentication data was gathered between the months of January and September 2021 through Threat Compass, a threat intelligence solution from cybersecurity company Outpost24.

The credentials came from data harvested by information-stealing malware and, although not in plain text, the majority of these could be easily decoded and exploited without implementing complex attack strategies.

A potential intruder could gain access to confidential company data, customer tracking, and database operations through these admin portals.

Outpost24 advises the use of long, strong, and unique passwords for every account, especially those with access to sensitive resources, to enhance security.

They also recommend using an endpoint detection and response solution, disabling password saving and auto-fill options in web browsers, verifying domains when redirection occurs, and avoiding cracked software to avert potential attacks.