Information Security News
Verizon has released its 2014 Data Breach Report, which is classified into 9 attack patterns, each with its own section, grouped by industry. The 60-page report provides some interesting, well-illustrated statistics; for example, servers are still the primary target because actors know that is where the data is likely to be. It isn't really a surprise that "They plainly show that attackers are getting better/faster at what they do at a higher rate than defenders are improving their trade."
The report can be downloaded here.
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
I recently had the opportunity to look at a sample of key-logged passwords collected from compromised machines over a period of 4 years. I wanted to share some of the takeaways, since I'm not comfortable sharing too many of the details.
From a collection of website credentials stolen by key-logger software I observed three common, trivially-predictable patterns. The first was use of the term "password" slightly modified. For example, Pa55w0rd, or PaSsW0rd, etc., etc. The second was the use of a name followed by a 1. For example, elizabeth1. The surprise pattern, and the most common in the sample I got to look at, involved the name of the site with 123 tacked on the end. For example, isc123.
From a collection of remote-access passwords (shell, RDP, etc.) the usual suspects were admin/administrator (in various languages: administrador, administrateur), various permutations of "password," and the varying lengths of sequential digits (e.g. 1234, like your suitcase).
In these samples, the source was a plain-text exposure, so it really didn't matter how complex or secure the passwords were, since they were captured in the clear. However, this gives us insight into how much effort is required to extract passwords when hashed credentials are exposed. This also explains why brute-forcing remote access credentials is still profitable.
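The patterns described above can be screened for when a user sets a password. The following is an added example, not code from the original post: the function name `weak_patterns`, the substitution map, and the short `COMMON_NAMES` and `ADMIN_WORDS` lists are assumptions constructed for illustration.

```python
import re

# Digit/symbol substitutions used in variants such as "Pa55w0rd" (assumed map).
LEET = str.maketrans({"0": "o", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})

# Constructed sample lists; a real deployment would load fuller ones.
COMMON_NAMES = {"elizabeth", "michael", "jessica"}
ADMIN_WORDS = {"admin", "administrator", "administrador", "administrateur"}


def weak_patterns(password, site_hostname):
    """Return the names of the predictable patterns a candidate password matches."""
    low = password.lower()
    hits = []

    # 1. "password" slightly modified: undo case and substitutions first.
    if "password" in low.translate(LEET):
        hits.append("password-variant")

    # 2. A name followed by a 1.
    m = re.fullmatch(r"([a-z]+)1", low)
    if m and m.group(1) in COMMON_NAMES:
        hits.append("name-plus-1")

    # 3. The site's own name with 123 on the end (any hostname label but the TLD).
    parts = site_hostname.lower().split(".")
    labels = parts[:-1] or parts
    if any(low == label + "123" for label in labels):
        hits.append("site-name-plus-123")

    # 4. Remote-access favourites: admin words and runs of sequential digits.
    if low in ADMIN_WORDS:
        hits.append("admin-word")
    if low.isdigit() and len(low) >= 3 and low in "01234567890":
        hits.append("sequential-digits")

    return hits


if __name__ == "__main__":
    # Constructed candidates, checked as if being set on isc.sans.edu.
    for candidate in ["Pa55w0rd", "elizabeth1", "isc123", "1234", "tr7-Quiet-lamp"]:
        print(candidate, weak_patterns(candidate, "isc.sans.edu"))
```

A non-empty result is a reason to reject the candidate at password-set time, before it is ever hashed and stored.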
Infosec survey points to rise in attacks on IT infrastructure
HP conducted a survey at Infosec this week, to judge how those present felt about IT security in general – and the message is that the majority are seeing an increase in malicious activity targeting their servers. Across 150 attendees which HP talked ...