Password inadequacy remains a top threat in internet security, according to a new report from WatchGuard Technologies.
Half of government and military employee LinkedIn passwords are so weak that they can be cracked in under two days, according to WatchGuard Technologies' Internet Security Report. Password inadequacy, along with Mimikatz malware, cryptocurrency miners, and malicious Office documents, came in as the largest threats for Q2 2018, said the press release.
The findings were gathered using an anonymized Firebox Feed data from 40,000 active WatchGuard UTM appliances around the world, said the release. The report unveils the top security threats to SMBs and distributed enterprises, added the release.
SEE: Password management policy (Tech Pro Research)
Of the 355,023 government and military LinkedIn account passwords in the database, WatchGuard Technologies was able to crack 178,580 in less than two days, said the release. The most common passwords included "123456," "password," "linkedin," "sunshine," and "111111."
Over half of civilian passwords were just as weak, emphasizing the need for employees to not only maintain strong passwords, but for organizations to implement multi-factor authentication solutions and require frequent password changes, said the release.
"Authentication is the cornerstone of security, and we're seeing overwhelming evidence of its critical importance in the common trend of password—and credential—focused threats throughout Q2 2018," said Corey Nachreiner, chief technology officer at WatchGuard Technologies, in the release. "Whether it's an evasive credential-stealing malware variant or a brute force login attack, cyber criminals are laser-focused on hacking passwords for easy access to restricted networks and sensitive data."
Brute force malware attacks on web applications were another major threat found in the report. One malware variant in particular, Mimikatz, dominated authentication and credential attacks in Q2, which is further evidence that passwords alone are not enough protection, said the release.
Malicious cryptominers gained ground in Q2, making WatchGuard's top 10 malware list for the first time, said the release. The data found the US to be the main target of attacks, occupying 75% of the total attack volume.
Business pros also need to keep a close eye on Office documents, as three new Office malware exploits also made WatchGuard's top 10 list, according to the release. With this strategy, old vulnerabilities in Office documents are exploited, tricking unsuspecting victims.
Check out this TechRepublic article for simple ways to avoid malware on all your devices.
The big takeaways for tech leaders:
- Half of government and military employees' LinkedIn account passwords can be hacked in fewer than two days, pushing the need for multi-factor authentication. — WatchGuard Technologies, 2018
- Malware remains a dominant threat to business pros, including attacks on web applications and Office documents. — WatchGuard Technologies, 2018
- How to set up two-factor authentication for your favorite platforms and services (free PDF) (TechRepublic)
- Why is cryptomining malware skyrocketing right now? (ZDNet)
- Cheat sheet: Two-factor authentication (TechRepublic)
- What is malware? Everything you need to know about viruses (ZDNet)
- SMBs at higher risk of sophisticated cyberattacks: Here are the top threats (TechRepublic)