The Attacker’s Dictionary

Recommendations

Info

05 COLLECTED CREDENTIALS We have collected credentials intended for our RDP listening services over the past 334 days, from 2015-03-12 to 2016-02-09. Over this period, we have recorded 221,203 attempts to login, sourced from 119 countries (Figures 5 and 6). While we have primarily focused on the interesting features of the passwords, our Heisenberg network has also collected usernames. Because of this, we have access to the complete credentials, which can be critical in identifying the intended target. Figure 5: Credentials collected worldwide | Rapid7.com The Attacker’s Dictionary: Auditing Criminal Credential Attacks 10
Figure 6: Top 10 Country Network Origins China (CN) 88,227 (39.9%) United States (US) 54,977 (24.9%) Korea, Republic Of (KR) 13,182 (6.0%) Netherlands (NL) 10,808 (4.9%) Vietnam (VN) 6,565 (3.0%) United Kingdom (GB) 3,983 (1.8%) Taiwan, Province Of China (TW) 3,808 (1.7%) France (FR) 3,709 (1.7%) Germany (DE) 2,488 (1.1%) Canada (CA) 2,349 (1.1%) | Rapid7.com The Attacker’s Dictionary: Auditing Criminal Credential Attacks 11
Page 1 and 2: The Attacker’s Dictionary Auditin
Page 3 and 4: 01 EXECUTIVE SUMMARY This paper is
Page 5 and 6: 03 HEISENBERG HONEYPOTS Heisenberg
Page 7 and 8: var td_2F = new td_0g(“4818a8896d
Page 9: Figure 3: Events Per Day by Country
Page 13 and 14: Figure 7: Top 10 Usernames administ
Page 15 and 16: Top Passwords for the Top Ten Usern
Page 17 and 18: Top Usernames Associated with the T
Page 19 and 20: Figure 12: Distinct Passwords per U
Page 21 and 22: 07 PASSWORD COMPLEXITY AND PROVENAN
Page 23 and 24: Figure 15: Password Lifetimes Compl
Page 25 and 26: would almost certainly run afoul of

The Attacker’s Dictionary

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?