Recent Trends in Password List Attacks and Countermeasures

Recent Trends in Password List Attacks and Countermeasures

Global attacks on passwords list is on the rise. These attacks are more sophisticated than the typical brute force attack or the dictionary attack.

 

What is a password list attack?

With password list attacks, attackers try to gain access illegally via the regular route with the correct list of passwords and IDs which they have gotten from somewhere previous to the attack. In this case, the login attempt number by the ID becomes so few that it is often difficult to differentiate proper access from an attack.

If the users reuse a password on multiple sites, there is a real danger of that password being taken, and then used to successfully gain access to other sites. It is for this reason that we recommend that you use different a ID and password combination on each site.

Moreover, the time has come to consider more security measures like 2-step verification on web application servers.

From the viewpoint of attackers, dictionary attacks, where the attacker attempts to gain access through a variety of words and passwords which are perceived to be used often, are more efficient than a brute force attack where they just try passwords randomly. Further still, a list of correct IDs and passwords, with the ease at which it allows access, is like a magic item.

It’s also thought that the lists used in dictionary attacks are generally based on reference to publicly available information.

On the contrary, if we refer to a password list beforehand and prevent users from setting a frequently used password, it should be a good system to protect from attacks.

Famous list providing service

Here, we’ll introduce a renowned list providing service.

■OpenWall

– provides a list for general password tracking which attackers use
– Provides the list on both paid and free services.

https://www.openwall.com/wordlists/

I tried to download the list in the free version.

https://download.openwall.net/pub/wordlists/passwords/

When you unzip the password.gz, you will see a file called” password.lst.” Open it with the. list viewer. It shows “Last update: 2011/11/20 (3546 entries) “. It seems that they have not updated the free version for a long time. The passwords are listed in order of appearance, but I was a little surprised that this included the password I usually use.

Here is the most frequently used password Top20.

1 123456 11 1234 21 service
2 12345 12 qwerty 22  canada
3 password 13  money 23  hello
4 password1 14  carmen
5 123456789 15  mickey
6 12345678 16  secret
7 1234567890 17  summer
8 abc123 18  internet
9 computer 19  a1b2c3
10 tigger 20  123

Moreover, the attackers use the list by inputting it into a tool such as THC-Hydra or Medusa. We won’t explain the details on the usage of these tools here. In any case, If attackers use these tools and you can detect the access from them, you can defend against their attacks.

We recommend using cloud bot attack detection to detect any usage of the above tools and defend from the attack.

Today, we introduce you to CDNetworks offering “Cloud Security Bot Manager.”

CDNetworks offers you ]Cloud Security “BotGuard”

CDNetworks offers the cloud bot attack countermeasure “BotGuard,” which is a countermeasure to detect and defend recently increasing cyber-attacks.

BotGuard is a cloud bot countermeasure integrated with the global CDN platform. It is equipped with multiple features which detect and block increasing cyber-attacks via bots beforehand, strengthen web security, and provide high-performance and highly-available web delivery. It also helps to detect unknown attacks (zero-day) by bots, protects your website from a wide variety of attacks, and improves the user experience by keep service consistency.

With BotGuard you can set 5 defense levels to detect and block bad bots: “IP rate limiting”, “Javascript Challenge”, “Capture”, “DFC (Device finger print Challenge)”, “HIC”.

Learn more about CDNetworks BotGuard