POS Hackers Caught Scanning for Simple Passwords

  • 3 March 2016

3 Mar 2016  By Phil Muncaster
 
Researchers have unveiled even more evidence suggesting retail IT security admins would do well to choose strong passwords and usernames for point of sale (POS) systems, after it was revealed that opportunistic hackers scan the web for weak credentials.
 
Rapid7’s Project Heisenberg sees the firm collating data from a public-facing network of low-interaction honeypots to ascertain what hackers are trying to examine or exploit.
 
The latest results provide an interesting snapshot into exactly what they’re scanning for in a bid to compromise internet-connected POS systems, kiosks and compromised desktops offering the Remote Desktop Protocol (RDP) service for remote management.
 
Rapid7 collected data over almost a year (334 days), recording over 221,000 log-in attempts from over 5000 IP addresses in 119 countries.
 
Interestingly, of the 3969 different passwords used by hackers, the most popular was not the typical “password” or “12345” but “x,” which featured over 5% of the time. Other popular passwords used by the hackers included “Zz,” “St@rt123” and “1” – while the old favorite “P@ssw0rd” also appeared in the top 10 list, alongside “admin.”
 
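The honeypot analysis described above, as an added example that is not code from the article, the forum post or Rapid7: it parses a small constructed log of RDP login attempts (the line format and the IP addresses are assumptions for this example, not the real Heisenberg data format) and produces the two things the report is built on, the most frequently attempted passwords and the sources sending the most attempts, so a defender can run the same check over their own RDP authentication failures.

```python
"""Summarise credential-scanning attempts from a honeypot-style login log.

Added example; the log format below is constructed for illustration and is
not the real Project Heisenberg format.
"""
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample log: one attempt per line, malformed lines are skipped.
SAMPLE_LOG = """\
2016-02-01T10:00:01Z src=203.0.113.7 user=administrator pass=x
2016-02-01T10:00:02Z src=203.0.113.7 user=administrator pass=Zz
2016-02-01T10:00:03Z src=203.0.113.7 user=administrator pass=St@rt123
2016-02-01T10:00:04Z src=203.0.113.7 user=pos pass=1
2016-02-01T10:00:05Z src=198.51.100.20 user=admin pass=x
2016-02-01T10:00:06Z src=198.51.100.20 user=admin pass=P@ssw0rd
2016-02-01T10:00:07Z src=198.51.100.20 user=admin pass=admin
2016-02-01T10:00:08Z src=192.0.2.55 user=kiosk pass=x
this line is malformed and must be skipped by the parser
"""

# Assumed line layout: timestamp, source IP, username, password tried.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) pass=(?P<pw>\S*)$"
)


def parse_attempts(text: str) -> List[Dict[str, str]]:
    """Return one dict per well-formed attempt; silently skip anything else."""
    attempts = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            attempts.append(match.groupdict())
    return attempts


def top_passwords(attempts: List[Dict[str, str]], n: int = 5) -> List[Tuple[str, int, float]]:
    """Most-tried passwords as (password, count, share of all attempts)."""
    counts = Counter(a["pw"] for a in attempts)
    total = sum(counts.values()) or 1
    return [(pw, c, c / total) for pw, c in counts.most_common(n)]


def sources_over_threshold(attempts: List[Dict[str, str]], threshold: int) -> List[Tuple[str, int]]:
    """Source IPs that sent at least `threshold` attempts, busiest first.

    On a production RDP host this is the brute-force signal to alert on:
    many failures from one source in a short window.
    """
    counts = Counter(a["src"] for a in attempts)
    return [(src, c) for src, c in counts.most_common() if c >= threshold]


def summarize(text: str, threshold: int = 3) -> Dict[str, object]:
    """Headline numbers in the style of the report: attempts, sources, top passwords."""
    attempts = parse_attempts(text)
    return {
        "attempts": len(attempts),
        "sources": len({a["src"] for a in attempts}),
        "distinct_passwords": len({a["pw"] for a in attempts}),
        "top_passwords": top_passwords(attempts),
        "noisy_sources": sources_over_threshold(attempts, threshold),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The same functions work unchanged on real RDP failure records once `LINE_RE` is adapted to the local log format; the `noisy_sources` list is the part worth wiring to an alert or a firewall block, and the `top_passwords` list is a ready-made denylist for the password policy on POS and kiosk accounts.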

2 replies

How many times has this issue come up... strong passwords and usernames are a must, and they should be changed on a regular basis.
By Anthony Spadafora
 
The security group Rapid7 has released a new report that may prompt some alarm among web users who are heedless when it comes to choosing their online passwords.
 
Instead of using the passwords that internet users are most likely to pick, the group took a different route and examined the passwords that cybercriminals are actually trying to use to hack into a number of systems, including POS systems, kiosks, and computers.
 
The results of Rapid7’s study found that a majority of the top passwords used by cybercriminals to break into systems are incredibly simple, which shows that most internet users are using passwords that are neither diverse nor complicated enough. Some examples from the report include the passwords "admin", "x", "Zz" and "1".
 
The easiest way to gain access to a user's or business’s system is by guessing passwords. The software used by hackers will often try the most common passwords first. If a weak password is reused across multiple accounts, cybercriminals will easily be able to gain access to many of a user’s accounts.
 