Data from Microsoft’s network of honeypot servers shows that very few attacks target long and complex credentials. Instead, attackers primarily focus on short passwords. Ross Bevington, a security researcher at Microsoft, analyzed the credentials entered in over 25 million brute-force attacks against SSH. That is around 30 days of data from Microsoft’s sensor network.
“77% of attempts used a password between 1 and 7 characters. A password over 10 characters was only seen in 6% of cases,” said Bevington.
According to him, only 7% of the brute-force attempts targeted passwords with a special character. In 39% of cases, passwords had at least one number. No attacks involved passwords containing white space. Bevington also provided broader statistics on brute-force attacks: more than 14 billion brute-force attacks were attempted against Microsoft’s network of honeypot servers (a sensor network). That includes attacks on Remote Desktop Protocol (RDP) servers, which until September this year have tripled, a rise of 325%.
Docker and Kubernetes systems saw a 110% increase in attacks, and network printing services saw an increase of 178%. Bevington added that the numbers for SSH and VNC are just as bad and have not changed much since last year.
Evidently, longer passwords that include special characters are most likely safe from the large number of brute-force attacks, as long as they have not ended up in attackers’ brute-forcing dictionaries or been leaked online.
The Microsoft manager advised using strong passwords, managed identity, and MFA if you open your systems to the Internet, because attackers will go after any brute-forcible remote admin protocol. Solutions like RDP are turned off by default, but if you decide to turn them on, don’t put them straight on the Internet.
A brute-force attack is a popular password-cracking method in which an attacker tries to guess a username and password to gain unauthorized access to a system. This method of attack has a high success rate and accounts for five percent of confirmed security breaches.
Some attackers may still perform brute-force attacks manually, but in most cases bots do the job. They go through a list of real or simply common credentials, try each one, and notify the attacker if access is gained. The motivation behind a brute-force attack may include infecting sites with malware, disrupting service, or stealing information. Whatever the attacker plans, it is always better to prevent such incidents, and to do so, just use complex and long passwords that will surely keep you safe.
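A defender-side view of the bot behaviour described above, as an added example that is not from the original article or from Microsoft's tooling: it scans sshd log lines for sources with repeated failed logins in a short window and escalates any source that then logs in successfully. The log lines are constructed, and the threshold, window and year are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in OpenSSH syslog format; IPs are documentation ranges.
FAIL = "Oct 12 03:14:{:02d} gw sshd[811]: Failed password for {} from {} port 40022 ssh2"
SAMPLE_LOG = "\n".join(
    [FAIL.format(s, "root", "203.0.113.5") for s in range(0, 12, 2)]
    + ["Oct 12 03:14:12 gw sshd[811]: Accepted password for root from 203.0.113.5 port 40022 ssh2"]
    + [FAIL.format(s, "invalid user admin", "198.51.100.7") for s in range(20, 25)]
    + [FAIL.format(30, "alice", "192.0.2.10"),
       "Oct 12 03:14:40 gw sshd[811]: Accepted password for alice from 192.0.2.10 port 40022 ssh2"]
)

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def parse(log_text, year=2021):
    """Return (timestamp, ip, user, success) tuples; syslog omits the year, so it is assumed."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events.append((ts, m["ip"], m["user"], m["result"] == "Accepted"))
    return events

def detect(events, threshold=5, window=timedelta(minutes=1)):
    """Flag IPs with >= threshold failures inside the window; escalate if a login then succeeds."""
    recent = defaultdict(list)   # ip -> timestamps of failures still inside the window
    alerts = {}
    for ts, ip, user, ok in sorted(events):
        fails = [t for t in recent[ip] if ts - t <= window]
        if ok:
            if len(fails) >= threshold:
                alerts[ip] = f"success-after-failures:{user}"  # likely guessed credential
        else:
            fails.append(ts)
            if len(fails) >= threshold:
                alerts.setdefault(ip, "brute-force")  # never downgrade an escalated alert
        recent[ip] = fails
    return alerts

if __name__ == "__main__":
    for ip, verdict in detect(parse(SAMPLE_LOG)).items():
        print(ip, verdict)
```

A single mistyped password followed by a successful login, as from 192.0.2.10 in the sample, stays below the threshold and raises no alert.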