In an analysis based on more than 25 million attacks, Microsoft finds that 77% of hacked passwords are less than seven characters. Special characters also scare hackers away.
It is 2021 and hackers are getting lazy. In any case, this is what emerges from an analysis carried out by Microsoft's security laboratory and relayed by The Record. According to data collected by the firm, most attackers seeking to crack a password focus on short ones. Passwords based on passphrases or mixing complex characters are rarely targeted.
To carry out this study, security researchers at Microsoft analyzed more than 25 million so-called brute-force attacks (SSH). These are connection attempts that run through a series of guesses to discover valid credentials. This significant figure corresponds to nearly a month of data collected from Microsoft's sensors.
Thus, 77% of the attacks concerned passwords whose length did not exceed seven characters. The study also shows that, ultimately, even the most motivated hackers targeted passwords of more than 10 characters in only 6% of cases.
Teleworking triples attacks
The other interesting finding from this analysis is that only 7% of attempts included a special character. In the end, as long as even a single one of these characters is used, the password is unlikely to be attacked.
Attacks increased 325% from 2020
But be careful: do not forget that a complex or long password can very well end up in a hacked database and circulate on the darknet.
The study also shows that hackers make massive use of brute-force attacks against RDP (Remote Desktop Protocol) connections. This is a protocol built into Windows that Microsoft advises leaving disabled. It allows a user to connect to a remote desktop and, with teleworking, it is de facto used a lot.
An attack of this type is then used to enter the organization's network and to carry out phishing attempts from inside. So far, the attacks have increased by 325% compared to 2020.