Specops Software released new research analyzing the top passwords used in live attacks against Remote Desktop Protocol (RDP) ports. This analysis coincides with the latest addition of over 34 million compromised passwords to the Specops Breached Password Protection Service, which now includes over 3 billion unique compromised passwords.
RDP over TCP port 3389 is a popular way for IT teams to give remote workers access to the corporate network. While attacks on RDP ports grew during the COVID-19 pandemic as a result of the rise of remote work, the port has remained a popular target for criminals despite many workers returning to the office. Password-related attacks continue to top the list of attack methods, with recent research finding that brute-force password guessing accounts for 41% of all intrusion vectors.
In an analysis of over 4.6 million passwords collected in October 2022 from Specops Software's honeypot system (one of the sources for the compromised passwords blocked by Specops Password Policy and Breached Password Protection), the most common base terms found in passwords used to attack TCP port 3389 included:
- Password
- p@ssw0rd
- Welcome
- admin
- Passw0rd
- p@ssword
- pa$$w0rd
- qwerty
- User
- test
Additionally, an analysis of port attack data covering the RDP port and others revealed several password patterns: more than 88% of passwords contained 12 characters or fewer, nearly 24% contained exactly 8 characters, and just under 19% contained only lowercase letters.
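The kind of analysis described above, as an added example that is not Specops' code or data: it reduces each attempted password to its base term (so p@ssw0rd, Passw0rd and pa$$w0rd all count as "password"), computes the same length and character-class fractions the report quotes, and shows how a policy can reject a password by base term rather than exact match. The sample attempts, the leet-substitution table and the 15-character minimum are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed sample of passwords seen in failed RDP logon attempts
# (made-up for illustration; not the Specops honeypot dataset).
SAMPLE_ATTEMPTS = [
    "Password1", "p@ssw0rd", "Welcome123", "admin", "Passw0rd!",
    "pa$$w0rd", "qwerty", "User2022", "test", "Summer2022!!!",
]

# Base terms the research lists as most common, collapsed to their plain
# spellings; used here as a blocklist.
BLOCKED_BASE_TERMS = {"password", "welcome", "admin", "qwerty", "user", "test"}

# Assumed substitution table so p@ssw0rd, pa$$w0rd and Passw0rd map to "password".
LEET = str.maketrans({"@": "a", "0": "o", "$": "s", "3": "e", "4": "a", "5": "s"})


def base_term(pw: str) -> str:
    """Reduce a password to its base term: drop trailing digits/symbols
    (Welcome123 -> Welcome), lowercase, then undo leet substitutions."""
    core = re.sub(r"[\d\W_]+$", "", pw)
    return core.lower().translate(LEET)


def base_term_counts(attempts):
    """Frequency of base terms across the attempts, most common first."""
    return Counter(base_term(p) for p in attempts).most_common()


def pattern_stats(attempts):
    """Fractions matching the length and character-class patterns in the report."""
    n = len(attempts)
    return {
        "max_12_chars": sum(len(p) <= 12 for p in attempts) / n,
        "exactly_8_chars": sum(len(p) == 8 for p in attempts) / n,
        "lowercase_only": sum(p.isalpha() and p.islower() for p in attempts) / n,
    }


def is_blocked(pw: str, min_length: int = 15) -> bool:
    """Policy check (assumed minimum length): reject short passwords and any
    whose base term is on the blocklist, regardless of suffix or leet spelling."""
    return len(pw) < min_length or base_term(pw) in BLOCKED_BASE_TERMS


if __name__ == "__main__":
    print(base_term_counts(SAMPLE_ATTEMPTS))
    print(pattern_stats(SAMPLE_ATTEMPTS))
    for pw in ("p@ssw0rd2023!", "Welcome123456789!", "correct horse battery staple"):
        print(pw, "->", "blocked" if is_blocked(pw) else "allowed")
```

On the constructed sample, "password" is the top base term (4 of 10 attempts) even though no two of those four are spelled identically.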
"Weak passwords continue to leave organizations vulnerable to attacks on RDP ports and other systems, but it doesn't have to be this way," said Darren James, Head of Internal IT, Specops Software. "It is imperative that organizations adopt stronger password policies, such as requiring longer passphrases, introducing length-based password aging, and blocking compromised passwords."
For more information about the research, check out the full data and analysis here.