company SPECOPS Software published a study , which are analyzed most Popular passwords used in attacks on the ports of the RDP protocol (Remote Desktop Protocol).
RDP via TCP port 3389 is a popular way to provide remote access to the network for remote employees. Attacks on RDP ports are still popular for hackers, even when many employees return to the office. Currently, Buborsat-Stataks are heading a list of attack vectors and make up 41% of all intrusions.
When analyzing more than 4.6 million compromised passwords collected in October 2022 from the SPECOPS Software lure system, the most common passwords used to attack TCP port 3389, included:
- password
- p@ssw0rd
- welcome
- admin
- passw0rd
- p@ssword
- pa $ $ w0rd
- qwerty
- user
- test
In addition, the analysis of attacks on ports revealed several password templates:
- more than 88% – 12 or less characters;
- almost 24% – 8 characters;
- less than 19% – only lowercase letters.
The head of the internal IT department of Specops Software Darren James said that the organizations use more stringent password policies, such as the requirement of longer password phrases, the introduction of a password based on the length and block compromised passwords.
In October, Rapid7 researchers watched several hundred Hanipot for 12 months to study how hackers try to penetrate into other people’s networks using SSH and RDP protocols. For all the time of the study, experts recorded 512 thousand cases when attackers used ready -made accounting data from the Rockyou2021.txt file, which contains about 8.4 billion real passwords used by users.