Last week, you saw an example of a list of passwords that an attacker used to attack a server more than 41,000 times. But the worst part was the server that underwent a short attack…
As demonstrated last week, attackers attempt to guess usernames and passwords on systems in an attempt to gain access to those computers.
The most concerning part, since your network is already under attack, is that one or more of the attempts might have been successful.
Those thousands of unsuccessful login attempts on a computer are, in a way, reassuring because the attacker was having difficulty finding a combination that worked.
The reason that some computers have fewer attack attempts can be because an attacker successfully gained access after a smaller number of guesses.
This is often the case since the attacks are automated so an attacker will not usually get tired of trying. Once one of the tries is successful, then that’s when the attacker stops guessing usernames and passwords. At that point, they already have access.
Have your internal, or outsourced, IT Pro examine failed logon attempts and see if the usernames seem random like the list published last week. If the usernames are similar to those on that list, then that’s an indication that an attacker was attempting to gain access. If there are a small number of attempts, then that attacker may have gained access to the computer.
Now that’s concerning.
Please forward this to your friends and associates so that they can be more aware of how to protect the security of their organization.