Guest Post | Advt. | Query: info@techrecur.com

New Security Research Reveals Password Inadequacy Still a Top Threat


WatchGuard’s Q2 2018 Internet Security Report uncovers heightened use of credential-focused attacks and continued prevalence of malicious Office documents

12 September 2018 – New research from the WatchGuard Threat Lab shows the emergence of the Mimikatz credential-stealing malware as a top threat and the growing popularity of brute force login attacks against web applications. The research also reveals that 50 percent of government and military employee LinkedIn passwords, largely from the US, were weak enough to be cracked in less than two days, underscoring the reality that passwords alone can’t offer sufficient protection and the need for multi-factor authentication (MFA) solutions. WatchGuard’s Internet Security Report for Q2 2018 explores the latest security threats affecting small to midsize businesses (SMBs) and distributed enterprises.

Corey Nachreiner
Corey Nachreiner

“Authentication is the cornerstone of security and we’re seeing overwhelming evidence of its critical importance in the common trend of password- and credential-focused threats throughout Q2 2018,” said Corey Nachreiner, chief technology officer at WatchGuard Technologies. “Whether it’s an evasive credential-stealing malware variant or a brute force login attack, cyber criminals are laser-focused on hacking passwords for easy access to restricted networks and sensitive data. At WatchGuard, these trends are driving new innovative defences within our product portfolio, including AuthPoint, our Cloud-based multi-factor authentication solution and our IntelligentAV service, which leverages three malware detection engines to prevent malware strains that evade traditional signature-based antivirus products. Every organisation should seek out vendor and solution provider partners that offer layered protection against these ever-evolving attack techniques.”

The insights, research and security best practices included in WatchGuard’s quarterly Internet Security Report are designed to help organisations of all sizes understand the current cyber security landscape and better protect themselves, their partners and customers from emerging security threats. The top takeaways from the Q2 2018 report include:

  • Mimikatz was the most prevalent malware variant in Q2. Representing 27.2 percent of the top 10 malware variants listed last quarter, Mimikatz is a well-known password and credential stealer that has been popular in past quarters but has never been the top strain. This surge in Mimikatz’s dominance suggests that authentication attacks and credential theft are still major priorities for cyber criminals – another indicator that passwords alone are inadequate as a security control and should be fortified with MFA services that make hackers’ lives harder by requiring additional authentication factors in order to successfully login and access the network.
  • Roughly half of government and military employee passwords are weak. After conducting a thorough analysis of the 2012 LinkedIn data dump to identify trends in user password strength, WatchGuard’s Threat Lab team found that half of all passwords associated with “.mil” and “.gov” email address domains within the database were objectively weak. Of the 355,023 largely US government and military account passwords within the database, 178,580 were cracked in under two days. The most common passwords used by these accounts included “123456,” “password,” “linkedin,” “sunshine,” and “111111.” Conversely, the team found that just over 50 percent of civilian passwords were weak. These findings further illustrate the need for stronger passwords for everyone, and a higher standard for security among public service employees that handle potentially sensitive information. In addition to better password training and processes, every organisation should deploy multi-factor authentication solutions to reduce the risk of a data breach.
  • More than 75 percent of malware attacks are delivered over the web. A total of 76 percent of threats from Q2 were web-based, suggesting that organisations need an HTTP and HTTPS inspection mechanism to prevent the vast majority of attacks. Ranked as the fourth most prevalent web attack in particular, “WEB Brute Force Login -1.1021” enables attackers to execute a massive deluge of login attempts against web applications, leveraging an endless series of random combinations to crack user passwords in a short period of time. This attack in particular is another example of cyber criminals’ heightened focus on credential theft and shows the importance of not only password security and complexity, but the need for MFA solutions as a more effective preventative measure.
  • Cryptocurrency miners earn spot as a top malware variant. As anticipated, malicious cryptominers are continuing to grow in popularity as a hacking tactic, making their way into WatchGuard’s top 10 malware list for the first time in Q2. Last quarter, WatchGuard uncovered its first named cryptominer, Cryptominer.AY, which matches a JavaScript cryptominer called “Coinhive” and uses its victims’ computer resources to mine the popular privacy-focused cryptocurrency, Monero (XRM). The data shows that victims in the United States were the top geographical target for this cryptominer, receiving approximately 75 percent of the total volume of attacks.
  • Cyber criminals continue to rely on malicious Office documents. Threat actors continue to booby-trap Office documents, exploiting old vulnerabilities in the popular Microsoft product to fool unsuspecting victims. Interestingly, three new Office malware exploits made WatchGuard’s top 10 list, and 75 percent of attacks from these attacks targeted EMEA victims, with a heavy focus on users in Germany specifically.

The complete Internet Security Report features an in-depth analysis of the EFail encryption vulnerability, along with insights into the top attacks in Q2 and defensive strategies SMBs can use to improve their security posture. These finding are based on anonymized Firebox Feed data from nearly 40,000 active WatchGuard UTM appliances worldwide, which blocked nearly 14 million malware variants (449 per device) and more than 1 million network attacks (26 per device) in Q2 2018.

For more information, download the full report here https://www.watchguard.com/wgrd-resource-center/security-report-q2-2018. To access live, real-time threat insights by type, region and date, visit WatchGuard’s Threat Landscape data visualization tool today. Subscribe to The 443 – Security Simplified podcast at Secplicity.org, or wherever you find your favorite podcasts.

About WatchGuard Technologies
WatchGuard® Technologies, Inc. WatchGuard® Technologies, Inc. is a global leader in network security, secure Wi-Fi, multi-factor authentication, and network intelligence. The company’s award-winning products and services are trusted around the world by nearly 10,000 security resellers and service providers to protect more than 80,000 customers. WatchGuard’s mission is to make enterprise-grade security accessible to companies of all types and sizes through simplicity, making WatchGuard an ideal solution for distributed enterprises and SMBs. The company is headquartered in Seattle, Washington, with offices throughout North America, Europe, Asia Pacific, and Latin America. To learn more, visit WatchGuard.com.

For additional information, promotions and updates, follow WatchGuard on Twitter @WatchGuard on Facebook, or on the LinkedIn Company page. Also, visit our InfoSec blog, Secplicity, for real-time information about the latest threats and how to cope with them at www.secplicity.org.

Media Contacts:
Chris Warfield, WatchGuard Technologies
+ 1 206.876.8380, chris.warfield@watchguard.com

Peter Rennison, PRPR
01442 245030, pr@prpr.co.uk

Have any Question or Comment?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

::::::::::::::::::::::::::::::::::3451:::::::::::::::::::::::::::::::::;;

::::::::::::::::::::::::::::::::::6733:::::::::::::::::::::::::::::::::;;

:::::::::::::::::::::::::::::925:::::::::::::::::::::::::::::::

TRIO STEEL IS ONE OF THE MOST TRUSTED BRAND AND LEADING EXPORTER AND SUPPLIER OF CARBON STEEL, ALLOY STEEL & STAINLESS STEEL PIPES & PIPE FITTINGS MATERIAL. Triosteel is one of the leading Suppliers and Exporters of API 5L Pipe in Singapore. Triosteel also Exports to many countries like Indonesia, Iran, Saudi Arabia & many more. An API 5L pipe is manufactured by adhering to the specifications laid down by the International Organization for Standardization (ISO) 3183.

::::::::::::::3453:::::::::::::

2780

buy! buy! CHEAP! Telefonie VoIP CHEAP! buy! buy! CHEAP!

2781

buy! buy! CHEAP! Telefonie VoIP CHEAP! buy! buy! CHEAP!

——————————————–

For the 2012 MLB period, we found an totals forecast Joao’s Renowned Over/Under João Zorro Gonçalves, Zcode Totals Pro, System of the time with progressions that have been successful over 98 98% ... We eventually perfected our over/under program ( Zcodesystemexclusive ), although it h-AS has brought years of investigation. Five Steps to Making a Winning MLB Method: 1. Execute appropriate cash management tools. 2. MLB rules that are comprehend. 3.Extensive testing back to make sure successful longterm results ...

——————————————–

There is always a challenge when you're dealing with the Foreign Exchange Market. That's just the nature of the beast. The best thing you can do is to learn about how the market operates as a whole so that you will be ready to meet these challenges. iq option penipu Never be misled by any profit gains in binary options. This is the number-one way traders end up losing their money and ultimately failing. Remember that the same things that make you laugh can make you cry in this market, and you can lose that $700.

——————————————–

Learning Polish has never been this fun and easy as with our podcasts Learn Polish with Polishpod101 Start today and become conversational in Polish in no time

——————————————–

The Best Website Agen Poker Resmi www.sakupoker.com Terpercaya come join

——————————————–

Do you need edmonton phone systems service ? Call complete communications today!

——————————————–

High-tech solutions for easy start-up of your IPTV/OTT-business

——————————————–

——————————————–

If you want to purchase not only one item, you have a chance to enjoy privileges. There is a sale’ tab on the site which offers a fantastic range of reduced counterfeit watches and accessories, such as sunglasses, cufflinks, watch straps and pens. Luxury Jewelry Replica At MCA.MN On Sale You get a 5% discount if you buy two pieces, this discount increases to 10% if you buy 4 pieces or more. There is free international shipping on all orders on this site. We also offer customers a free return anytime with a 100% money back guarantee.

——————————————–

:::::::::::::::::3452:::::::::::::::::::