Researchers have unveiled even more evidence suggesting retail IT security admins would do well to choose strong passwords and usernames for point of sale (POS) systems, after it was revealed that opportunistic hackers scan the web for weak credentials.
Rapid7’s Project Heisenberg sees the firm collating data from a public-facing network of low-interaction honeypots to ascertain what hackers are trying to examine or exploit.
The latest results provide an interesting snapshot into exactly what they’re scanning for in a bid to compromise internet-connected POS systems, kiosks and compromised desktops offering the Remote Desktop Protocol (RDP) service for remote management.
Rapid7 collected data over almost a year (334 days), recording over 221,000 log-in attempts from over 5000 IP addresses in 119 countries.
Interestingly, of the 3969 different passwords used by hackers, the most popular was not the typical “password” or “12345” but “x,” which featured over 5% of the time. Other popular passwords used by the hackers included “Zz,” “St@rt123” and “1” – while the old favorite “P@ssw0rd” also appeared in the top 10 list, alongside “admin.”
In terms of the 1806 different usernames analyzed, the most popular was a more predictable “administrator,” used 34.8% of the time.
Others in the top 10 were “user1,” “admin,” “demo,” and “pos,” according to Rapid7.
The majority of attacks appeared to come from China (39.9%), followed by the US (24.9%), South Korea (6%) and the Netherlands (4.9%). The UK was just outside the top five, accounting for 1.8% of login attempts.
The message to admins should be clear: if you have to use passwords ensure they are long and complex, or risk becoming the “path of least resistance” for opportunistic hackers.
“Research that combines active scanning and passive collection techniques is incredibly useful for spot checking the state of cyber hygiene, and we hope to continue this sort of research to help identify where enterprises and small businesses are faltering when it comes to their online footprint,” explained Rapid7 security research manager, Tod Beardsley.