Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Users Security. Show all posts

Experts Named the Most Popular Passwords of Russians

 

Passwords consisting of simple sequences of letters and numbers became the most popular passwords in Runet in 2021. Combinations qwerty123, qwerty1 and 123456 take top lines of the rating, the fourth place goes to a11111 and fifth place to 123456789. It is noted that among Cyrillic passwords, the most common are "password", "love", "hello" and "natasha". 

Analysts have studied 35.5 billion unique pairs of logins and passwords, including 250 million new ones. According to their data, only 3.5 percent of passwords can be called complex, and 16.5 percent are long. 

According to Alexei Drozd, head of information security at SerchInform, users risk losing access to their pages and personal accounts on various resources using easy passwords in the absence of two-factor authentication. He warned that it's especially dangerous if fraudsters gain access to a person's main mailbox. Then attackers will have an opportunity to take possession of more information, resetting the password from other services. 

For example, passwords are checked for security every time users enter them to access Yandex services: a database of 1.2 billion compromised credentials is used for this purpose. The same check is carried out in VKontakte. Google said that they are advised to think up a password length of at least 12 characters, such as a quote from a movie or a line from your favorite poem. 

Sergei Ivanov, Director of Product Strategy at T1 Group, said that the most common password-guessing technique is called brute force, which has long been used by cybercriminals. It is when anthologies of popular passwords and word directories are attached to the software code. He specified that a combination of six Latin letters of the same case can be found in 31 seconds, assuming the search speed of 10 million passwords per second. It would take only 95 minutes to crack a password consisting of six symbols (letters in different registers and numbers). If the password contains 10 symbols, it will take 2.5 years.

China-Based Hackers Luring Indians into Fake Tata Motors Scam

 

On Thursday, cyber-security researchers in India announced the discovery of a malicious free present marketing campaign managed by China-based hackers to gather personal user data. The marketing campaign is pretending to be an offer from Tata Motors, the biggest automobile manufacturing company in India, reports IANS.

The analysis workforce at New Delhi-based CyberPeace Foundation received some malicious links via WhatsApp, related to a free gift offer from Tata Motors, accumulating personal information about customers together with their browser and system information. 

“The campaign is pretended to be an offer from Tata Motors but hosted on the third-party domain instead of the official website of Tata Motors which makes it more suspicious,” the research team stated.

This malicious campaign being operated on a fake website is titled “Tata Motors Cars, Celebrates sales exceeding 30 million”. On the landing page, a congratulations message is displayed with an attractive photo of a Tata Safari car. Users are asked to participate in a quick survey to get a free TATA Safari vehicle. 

“Also, at the bottom of this page, a section comes up which seems to be a Facebook comment section where many users have commented about how the offer is beneficial,” the researchers revealed.

After clicking the OK button, users are given three chances to win the prize. After finishing all the attempts, it says that the user has won “TATA SAFARI”.

“Congratulations! You did it! You won the TATA SAFARI!” Clicking on the ‘OK’ button, it then instructs users to share the campaign with friends on WhatsApp. The user doesn’t actually end up winning the car, the page simply keeps redirecting the user to multiple advertisements webpages. The Foundation recommended that people avoid opening such messages sent via social platforms.

According to the researchers, hackers are using Cloudflare technologies to hide the real IP addresses of the front-end domain names used in the free gifts from Tata Motors campaign. The CyberPeace Foundation, a think tank and non-governmental organization of experts in the field of cybersecurity and policy, has collaborated with Autobot Infosec Private Limited to investigate this realization that these sites are online fraud.