Connect with us

Tech

Scammers can crack almost half of the passwords in less than a minute

Scammers can crack almost half of the passwords in less than a minute

Published

on

Scammers can crack almost half of the passwords in less than a minute

In June 2024, Kaspersky experts conducted a large-scale study on the resistance of 193M English passwords, compromised by infostealers and available on the darknet, to brute force and smart guessing attacks. According to the research results, 45% of all analyzed passwords which is almost 87M could be guessed by scammers within a minute. Only 23% (44M) of combinations turned out to be resistant enough and cracking them would take more than a year.

Kaspersky telemetry indicates more than 32 million attempts to attack users with password stealers in 2023. These numbers show the importance of digital hygiene and timely password policies. The results of the Kaspersky study demonstrate that the majority of the reviewed passwords were not strong enough and could be easily compromised by using smart guessing algorithms.
Besides, the majority of the examined passwords (57%) contain a word from the dictionary, which significantly reduces the passwords’ strength. Among the most popular vocabulary sequences, several groups can be distinguished. Popular names include “ahmed”, “nguyen”, “kumar”, “kevin”, “daniel”. While popular words in passwords are “forever”, “love”, “google”, “hacker” and “gamer”. Standard passwords are “password”, “qwerty12345”, “admin”, “12345” and “team”.

The analysis showed that only 19% of all passwords contain signs of a strong combination – a non-dictionary word, lowercase and uppercase letters, as well as numbers and symbols. At the same time, the study revealed that 39% of such passwords could also be guessed using smart algorithms in less than an hour.
”Unconsciously, human beings create ‘human’ passwords – containing the words from dictionary in their native languages, featuring names and numbers. Even seemingly strong combinations are rarely completely random, so they can be guessed by algorithms. Given that, the most dependable solution is to generate a completely random password using modern and reliable password managers. Such apps as Kaspersky Password Manager can securely store large volumes of data, providing comprehensive and robust protection for user information,” Commented Yuliya Novikova, Head of Digital Footprint Intelligence at Kaspersky.

In order to strengthen passwords, users should use a different password for each service. That way, even if one of your accounts is stolen, the rest won’t go with it. It’s better not to use passwords that can be easily guessed from your personal information, such as birthdays, names of family members, pets, or your own name. These are often the first guesses an attacker will try.It’s nearly impossible to memorize long and unique passwords for all the services you use, but with a special solution, such as Kaspersky password manager, you can memorize just one master password.
Enable two-factor authentication (2FA). Using a reliable security solution such as Kaspersky Premium will enhance your protection. It monitors the internet and Dark Web and warns if your passwords need to be changed.

Advertisement

Additional information can be found in the research material on Securelist and Kaspersky Daily post. 

Tech

Three ‘pro-Russian’ hackers arrested in Spain over cyberattacks

Three ‘pro-Russian’ hackers arrested in Spain over cyberattacks

Published

on

By

Three 'pro-Russian' hackers arrested in Spain over cyberattacks

Three pro-Russian hackers have been arrested for alleged cyberattacks against Spain and other NATO countries for terrorist purposes, Spanish police said on Saturday.

The suspects were detained for their alleged participation in distributed denial of service (DDoS) cyber attacks against public institutions and strategic sectors, the Civil Guard said.

It did not say if the three suspects, who have not been named, have been charged or detained.

The cyberattacks were allegedly carried out against web pages of public and private organizations in the government sectors, critical infrastructures and essential services in countries which support Ukraine in the conflict with Russia, it said.

Advertisement

Police released a video on social media platform X of a raid at the home of one of the suspects in which a Soviet-era hammer and sickle flag was mounted on a wall.

“These computer attacks have been organized by the hacktivist group NoName057(16), (which started) after the invasion of Ukraine by Russia and (which has been) one of the most active,” the Civil Guard said in a statement.

“In their own founding manifesto, this group acknowledges that they ‘will respond proportionately in response to the hostile and openly anti-Russian actions of Western Russophobes’.”

The arrests took place in Manacor on Spain’s Balearic Island of Mallorca, and in Huelva and Seville, in southern Spain, police said. Police said the investigation was ongoing.

Advertisement
Continue Reading

Tech

Microsoft says about 8.5 million of its devices affected by CrowdStrike-related outage

Microsoft says about 8.5 million of its devices affected by CrowdStrike-related outage

Published

on

By

Microsoft says about 8.5 million of its devices affected by CrowdStrike-related outage

A global tech outage that was related to a software update by cybersecurity firm CrowdStrike affected nearly 8.5 million Microsoft devices, Microsoft said in a blog post on Saturday.

“We currently estimate that CrowdStrike’s update affected 8.5 million Windows devices, or less than one percent of all Windows machines,” it said in the blog.

A software update by global cybersecurity firm CrowdStrike, one of the largest operators in the industry, triggered systems problems that grounded flights, forced broadcasters off air and left customers without access to services such as healthcare or banking. 

“While the percentage was small, the broad economic and societal impacts reflect the use of CrowdStrike by enterprises that run many critical services,” Microsoft said in its blog post.

Advertisement

CrowdStrike has helped develop a solution that will help Microsoft’s Azure infrastructure accelerate a fix, Microsoft said, adding that it was working with Amazon Web Services and Google Cloud Platform, sharing information about the effects Microsoft was seeing across the industry.

The air travel industry was recovering on Saturday from the outage that caused thousands of flights to be cancelled, leaving passengers stranded or grappling with hours of delays as airports and airlines were caught up in the IT outage.

Delta Air Lines, one of the hardest-hit airlines, said that as of 10 a.m EDT (1400 GMT) on Saturday, more than 600 flights had been canceled, adding that additional cancellations were expected.

Advertisement
Continue Reading

Tech

Malicious actors trying to exploit global tech outage for their own gain

Malicious actors trying to exploit global tech outage for their own gain

Published

on

By

Malicious actors trying to exploit global tech outage for their own gain

As the world continues to recover from massive business and travel disruptions caused by a faulty software update from cybersecurity firm CrowdStrike, malicious actors are trying to exploit the situation for their own gain.

Government cybersecurity agencies across the globe and CrowdStrike CEO George Kurtz are warning businesses and individuals about new phishing schemes that involve malicious actors posing as CrowdStrike employees or other tech specialists offering to assist those recovering from the outage.

“We know that adversaries and bad actors will try to exploit events like this,” Kurtz said in a statement. “I encourage everyone to remain vigilant and ensure that you’re engaging with official CrowdStrike representatives.”

The UK Cyber Security Center said they have noticed an increase in phishing attempts around this event.

Advertisement

Microsoft said 8.5 million devices running its Windows operating system were affected by the faulty cybersecurity update Friday that led to worldwide disruptions.

That’s less than 1% of all Windows-based machines, Microsoft cybersecurity executive David Weston said in a blog post on Saturday.

He also said such a significant disturbance is rare but “demonstrates the interconnected nature of our broad ecosystem.” 

What’s happening with air travel?

With their tightly timed, interwoven schedules and complex technology systems, many big airlines struggle to stay on time when everything goes well. It perhaps was not surprising that the industry was among the hardest hit by the outage, with crews and planes caught out of position.

Advertisement

By mid-afternoon Saturday on the U.S. East Coast, airlines around the world had canceled more than 2,000 flights, according to tracking service FlightAware. That was down from 5,100-plus cancellations on Friday.

About 1,600 of Saturday’s canceled flights occurred in the United States, where carriers scrambled to get planes and crews back into position after massive disruptions the day before. According to travel data provider Cirium, U.S. carriers canceled about 3.5% of their scheduled flights for Saturday. Only Australia was hit harder.

Canceled flights were running at about 1% in the United Kingdom, France and Brazil and about 2% in Canada, Italy and India among major air-travel markets.

Robert Mann, a former airline executive and now a consultant in the New York area, said it was unclear exactly why U.S. airlines were suffering disproportionate cancellations, but possible causes include a greater degree of outsourcing of technology and more exposure to Microsoft operating systems that received the faulty upgrade from CrowdStrike.

Which airlines are getting hit the hardest?

Advertisement

Delta Air Lines canceled more than 800 flights, or one-fourth of its schedule for Saturday, and that number did not include Delta Connection regional flights. It was followed by United Airlines, which dropped nearly 400 flights.

The worst airport to be, for a second straight day, was Hartsfield–Jackson Atlanta International Airport, where Delta is the dominant carrier. The Atlanta Journal-Constitution reported that thousands of people spent the night at the airport, many sleeping on the floors.

European airlines and airports appeared to be recovering slowly, although Lufthansa and its affiliates canceled dozens of flights. Its Eurowings budget subsidiary said check-in, boarding, booking and rebooking flights were all available again, although “isolated disruptions” were possible.

London’s Heathrow Airport said it was busy but operating normally on Saturday and that “all systems are back up and running.” Flights at Berlin’s main airport were departing on or close to schedule, German Press Agency dpa reported, citing an airport spokesman.

How are healthcare systems holding up?

Advertisement

Health care systems affected by the outage faced clinic closures, canceled surgeries and appointments and restricted access to patient records.

Cedars-Sinai Medical Center in Los Angeles, Calif., said “steady progress has been made” to bring its servers back online and thanked its patients for being flexible during the crisis.

“Our teams will be working actively through the weekend as we continue to resolve remaining issues in preparation for the start of the work week,” the hospital wrote in a statement.

In Austria, a leading organization of doctors said the outage exposed the vulnerability of relying on digital systems. Harald Mayer, vice president of the Austrian Chamber of Doctors, said the outage showed that hospitals need analog backups to protect patient care.

The organization also called on governments to impose high standards in patient data protection and security, and on health providers to train staff and put systems in place to manage crises.

Advertisement

“Happily, where there were problems, these were kept small and short-lived and many areas of care were unaffected” in Austria, Mayer said.

The Schleswig-Holstein University Hospital in northern Germany, which canceled all elective procedures Friday, said Saturday that systems were gradually being restored and that elective surgery could resume by Monday.

Will the tech industry face a reckoning?

“I wasn’t that surprised that an accident caused severe global digital disruption. I was a little surprised that the cause of it was a software update from a very well-respected cybersecurity company,” said Oxford University management professor Ciaran Martin, a former chief executive of the U.K.’s National Cyber Security Center.

“There are some very hard questions for CrowdStrike. How on earth did this update get through quality control?” he said. “Clearly the testing regime, whatever it is, failed.”

Advertisement

Martin said governments in the U.K. and the European Union will be powerless to take steps to prevent such breakdowns “because we have become dependent on a very American version of technology, and the power to do anything about that doesn’t rest in this continent.”

Other analysts doubted that the outage would lead Washington or any other government to propose new mandates on tech companies.

“I don’t know what the mandate would be. Do better QA?” said Gartner analyst Eric Grenier, using an acronym for quality assurance.

What did scam artists learn from the outage?

Grenier expects that a majority of affected machines will be fixed in about a week, with more time needed to reach laptops used by far-flung workers because the work can’t be done remotely – it’s a hands-on operation.

Advertisement

In the meantime, there will be scammers trying to take advantage of businesses that have indicated they were affected by the outage.

“The threat is very real,” Grenier said. “Bad actors have the information to send targeted phishing emails and calls. They know what endpoint-protection tools you use. They know you use CrowdStrike.”

Grenier said affected businesses need to make sure they use a fix supplied by CrowdStrike. “Don’t accept the help of somebody coming out of the blue and saying, ‘I’ll fix that for you,’” he said.

Advertisement
Continue Reading

Trending

Copyright © GLOBAL TIMES PAKISTAN