Carding 4 Carders
Professional
How IT administrators pave the way for hackers to access the systems of large companies.
Outpost24 researchers have identified alarming trend — thousands of IT administrators use predictable and weak passwords to protect access to internal company networks. This puts sensitive data and management systems at risk.
Outpost24 analyzed more than 1.8 million accounts using special analytics software. It turned out that over 40,000 of them used the default password — the word "admin" or its variations.
"In order to select administrator passwords from the general list, we studied statistical data in the Threat Compass system, searched for pages marked as administrative portals. As a result, we found 1.8 million passwords collected from January to September 2023," writes Outpost24.
According to experts, it is enough for attackers to use a banal brute-force method to gain access to management accounts. From there, access system settings, security settings, customer databases, and other internal resources.
Outpost24 created the top 20 vulnerable combinations:
1. admin
2.123456
3.12345678
4. 1234
5. Password
6. 123
7. 12345
8. admin123
9. 123456789
10. adminisp
11. demo
12. root
13.123123
14. admin@123
15. 123456aA@
16. 01031974
17. Admin@123
18. 111111
19. admin1234
20. admin1
Companies are advised to change their untrusted passwords immediately. You can also use additional security measures-from antivirus programs to banning autosave in browsers. Otherwise, the negligence of individual employees can lead to large-scale incidents.
Outpost24 researchers have identified alarming trend — thousands of IT administrators use predictable and weak passwords to protect access to internal company networks. This puts sensitive data and management systems at risk.
Outpost24 analyzed more than 1.8 million accounts using special analytics software. It turned out that over 40,000 of them used the default password — the word "admin" or its variations.
"In order to select administrator passwords from the general list, we studied statistical data in the Threat Compass system, searched for pages marked as administrative portals. As a result, we found 1.8 million passwords collected from January to September 2023," writes Outpost24.
According to experts, it is enough for attackers to use a banal brute-force method to gain access to management accounts. From there, access system settings, security settings, customer databases, and other internal resources.
Outpost24 created the top 20 vulnerable combinations:
1. admin
2.123456
3.12345678
4. 1234
5. Password
6. 123
7. 12345
8. admin123
9. 123456789
10. adminisp
11. demo
12. root
13.123123
14. admin@123
15. 123456aA@
16. 01031974
17. Admin@123
18. 111111
19. admin1234
20. admin1
Companies are advised to change their untrusted passwords immediately. You can also use additional security measures-from antivirus programs to banning autosave in browsers. Otherwise, the negligence of individual employees can lead to large-scale incidents.
