As demonstrated last week, attackers attempt to guess usernames and passwords on systems in an attempt to gain access to those computers.

The most concerning part, since your network is already under attack, is that one or more of the attempts might have been successful.

Those thousands of unsuccessful login attempts on a computer are, in a way, reassuring because the attacker was having difficulty finding a combination that worked.

The reason that some computers have fewer attack attempts can be because an attacker successfully gained access after a smaller number of guesses.

This is often the case since the attacks are automated so an attacker will not usually get tired of trying. Once one of the tries is successful, then that’s when the attacker stops guessing usernames and passwords. At that point, they already have access.

Have your internal, or outsourced, IT Pro examine failed logon attempts and see if the usernames seem random like the list published last week. If the usernames are similar to those on that list, then that’s an indication that an attacker was attempting to gain access. If there are a small number of attempts, then that attacker may have gained access to the computer.

Now that’s concerning.

Please forward this to your friends and associates so that they can be more aware of how to protect the security of their organization.

The post How To Know if a Password Attack Succeeded appeared first on Foster Institute.

Notice that, for the usernames most likely to exist on computers, the attacker tries more password guesses:

1398 different passwords attempted with this guessed username: Administrator
836 different passwords attempted with this guessed username: Admin
554 different passwords attempted with this guessed username: user
314 different passwords attempted with this guessed username: test
314 different passwords attempted with this guessed username: user1
160 different passwords attempted with this guessed username: user2
156 different passwords attempted with this guessed username: user3
156 different passwords attempted with this guessed username: admin1
155 different passwords attempted with this guessed username: test1
111 different passwords attempted with this guessed username: guest
91 different passwords attempted with this guessed username: sql
89 different passwords attempted with this guessed username: aspnet
87 different passwords attempted with this guessed username: support_388945a0
84 different passwords attempted with this guessed username: david
83 different passwords attempted with this guessed username: root
82 different passwords attempted with this guessed username: backup
80 different passwords attempted with this guessed username: sys
80 different passwords attempted with this guessed username: support
80 different passwords attempted with this guessed username: Other
80 different passwords attempted with this guessed username: a
78 different passwords attempted with this guessed username: test2
78 different passwords attempted with this guessed username: server
78 different passwords attempted with this guessed username: 1
78 different passwords attempted with this guessed username: john
78 different passwords attempted with this guessed username: test3
78 different passwords attempted with this guessed username: console
78 different passwords attempted with this guessed username: owner
78 different passwords attempted with this guessed username: actuser
78 different passwords attempted with this guessed username: 123
78 different passwords attempted with this guessed username: adm
78 different passwords attempted with this guessed username: admin2
78 different passwords attempted with this guessed username: user4
78 different passwords attempted with this guessed username: user5
32 different passwords attempted with this guessed username: surferquest
18 different passwords attempted with this guessed username: auditor
15 different passwords attempted with this guessed username: alilong
14 different passwords attempted with this guessed username: SCOTT
13 different passwords attempted with this guessed username: chirotouch
13 different passwords attempted with this guessed username: PEGGY
12 different passwords attempted with this guessed username: follow
12 different passwords attempted with this guessed username: CHERYL
12 different passwords attempted with this guessed username: TERRI
11 different passwords attempted with this guessed username: ETB User
10 different passwords attempted with this guessed username: system_backupDB
10 different passwords attempted with this guessed username: QBPOSDBSrvUser
10 different passwords attempted with this guessed username: xuhai
10 different passwords attempted with this guessed username: tu
9 different passwords attempted with this guessed username: mroot
9 different passwords attempted with this guessed username: manager
9 different passwords attempted with this guessed username: justin
8 different passwords attempted with this guessed username: iis
8 different passwords attempted with this guessed username: Linux
7 different passwords attempted with this guessed username: acs
7 different passwords attempted with this guessed username: vetvault
7 different passwords attempted with this guessed username: squirrel
7 different passwords attempted with this guessed username: user01
7 different passwords attempted with this guessed username: crsuser
6 different passwords attempted with this guessed username: saleslan
6 different passwords attempted with this guessed username: IUSR_SOR
6 different passwords attempted with this guessed username: scan
6 different passwords attempted with this guessed username: expedite
6 different passwords attempted with this guessed username: DSNVSUser
6 different passwords attempted with this guessed username: reception
6 different passwords attempted with this guessed username: hei
6 different passwords attempted with this guessed username: VNIAdmin_DoNotDelete
6 different passwords attempted with this guessed username: kaypro
6 different passwords attempted with this guessed username: payroll
6 different passwords attempted with this guessed username: mark
6 different passwords attempted with this guessed username: alex
6 different passwords attempted with this guessed username: linhai
6 different passwords attempted with this guessed username: ntsec_admin
6 different passwords attempted with this guessed username: lisa
6 different passwords attempted with this guessed username: oprrs
6 different passwords attempted with this guessed username: monster
5 different passwords attempted with this guessed username: Acsadmin
5 different passwords attempted with this guessed username: cli
5 different passwords attempted with this guessed username: awesen
5 different passwords attempted with this guessed username: aloha
5 different passwords attempted with this guessed username: micrologic
5 different passwords attempted with this guessed username: scanner
5 different passwords attempted with this guessed username: swentz
5 different passwords attempted with this guessed username: jacob
5 different passwords attempted with this guessed username: jordan
5 different passwords attempted with this guessed username: backoffice
5 different passwords attempted with this guessed username: amiga
5 different passwords attempted with this guessed username: pos
4 different passwords attempted with this guessed username: warehouse
4 different passwords attempted with this guessed username: rdspos
4 different passwords attempted with this guessed username: linda
4 different passwords attempted with this guessed username: copier
4 different passwords attempted with this guessed username: rds
4 different passwords attempted with this guessed username: acasey
4 different passwords attempted with this guessed username: mary
4 different passwords attempted with this guessed username: sapsupport
4 different passwords attempted with this guessed username: Post6
4 different passwords attempted with this guessed username: james
4 different passwords attempted with this guessed username: micros
4 different passwords attempted with this guessed username: spppse
4 different passwords attempted with this guessed username: possvr
4 different passwords attempted with this guessed username: apple_terminal
3 different passwords attempted with this guessed username: shipping
3 different passwords attempted with this guessed username: manw
3 different passwords attempted with this guessed username: MssqlUser
3 different passwords attempted with this guessed username: miass
3 different passwords attempted with this guessed username: receptionist
3 different passwords attempted with this guessed username: grace
3 different passwords attempted with this guessed username: iusr_qa
3 different passwords attempted with this guessed username: hk
3 different passwords attempted with this guessed username: fax
3 different passwords attempted with this guessed username: menw
3 different passwords attempted with this guessed username: sales
3 different passwords attempted with this guessed username: parts
3 different passwords attempted with this guessed username: Tsmotw
3 different passwords attempted with this guessed username: svc-netmon
3 different passwords attempted with this guessed username: staff
3 different passwords attempted with this guessed username: adminsc5
3 different passwords attempted with this guessed username: ssyyet
3 different passwords attempted with this guessed username: sysadmin
3 different passwords attempted with this guessed username: ashley
3 different passwords attempted with this guessed username: araxi
3 different passwords attempted with this guessed username: ccdrs
3 different passwords attempted with this guessed username: ava
3 different passwords attempted with this guessed username: Cat
3 different passwords attempted with this guessed username: Spectra
3 different passwords attempted with this guessed username: tech
3 different passwords attempted with this guessed username: voicemail
3 different passwords attempted with this guessed username: adm1n
3 different passwords attempted with this guessed username: terry
3 different passwords attempted with this guessed username: Administrador
2 different passwords attempted with this guessed username: laptop
2 different passwords attempted with this guessed username: lab
2 different passwords attempted with this guessed username: Astsm
2 different passwords attempted with this guessed username: larry
2 different passwords attempted with this guessed username: lee
2 different passwords attempted with this guessed username: billing
2 different passwords attempted with this guessed username: besadmin
2 different passwords attempted with this guessed username: bill
2 different passwords attempted with this guessed username: joshua
2 different passwords attempted with this guessed username: kathy
2 different passwords attempted with this guessed username: avery
2 different passwords attempted with this guessed username: beadmin
2 different passwords attempted with this guessed username: Kantech
2 different passwords attempted with this guessed username: keith
2 different passwords attempted with this guessed username: kiosk
2 different passwords attempted with this guessed username: aubrey
2 different passwords attempted with this guessed username: joseph
2 different passwords attempted with this guessed username: benjamin
2 different passwords attempted with this guessed username: lewis
2 different passwords attempted with this guessed username: alan
2 different passwords attempted with this guessed username: aiden
2 different passwords attempted with this guessed username: addison
2 different passwords attempted with this guessed username: lvellman
2 different passwords attempted with this guessed username: madison
2 different passwords attempted with this guessed username: manger
2 different passwords attempted with this guessed username: accountant
2 different passwords attempted with this guessed username: mia
2 different passwords attempted with this guessed username: abigail
2 different passwords attempted with this guessed username: mason
2 different passwords attempted with this guessed username: matthew
2 different passwords attempted with this guessed username: adam
2 different passwords attempted with this guessed username: angela
2 different passwords attempted with this guessed username: andrew
2 different passwords attempted with this guessed username: andrea
2 different passwords attempted with this guessed username: liam
2 different passwords attempted with this guessed username: anthony
2 different passwords attempted with this guessed username: lillian
2 different passwords attempted with this guessed username: logmeinremoteuser
2 different passwords attempted with this guessed username: lori
2 different passwords attempted with this guessed username: lucas
2 different passwords attempted with this guessed username: amelia
2 different passwords attempted with this guessed username: alexander
2 different passwords attempted with this guessed username: logan
2 different passwords attempted with this guessed username: joe
2 different passwords attempted with this guessed username: cindy
2 different passwords attempted with this guessed username: chris
2 different passwords attempted with this guessed username: chloe
2 different passwords attempted with this guessed username: CorpOwner
2 different passwords attempted with this guessed username: evelyn
2 different passwords attempted with this guessed username: consult
2 different passwords attempted with this guessed username: front
2 different passwords attempted with this guessed username: frontdesk
2 different passwords attempted with this guessed username: gabriel
2 different passwords attempted with this guessed username: checkout
2 different passwords attempted with this guessed username: FranOwner
2 different passwords attempted with this guessed username: checkin
2 different passwords attempted with this guessed username: ethan
2 different passwords attempted with this guessed username: elijah
2 different passwords attempted with this guessed username: elizabeth
2 different passwords attempted with this guessed username: ella
2 different passwords attempted with this guessed username: doctor
2 different passwords attempted with this guessed username: don
2 different passwords attempted with this guessed username: donna
2 different passwords attempted with this guessed username: dennis
2 different passwords attempted with this guessed username: daniel
2 different passwords attempted with this guessed username: cs13368
2 different passwords attempted with this guessed username: emily
2 different passwords attempted with this guessed username: emma
2 different passwords attempted with this guessed username: eric
2 different passwords attempted with this guessed username: general
2 different passwords attempted with this guessed username: bruce
2 different passwords attempted with this guessed username: jack
2 different passwords attempted with this guessed username: jackson
2 different passwords attempted with this guessed username: buexec
2 different passwords attempted with this guessed username: isabella
2 different passwords attempted with this guessed username: bruno
2 different passwords attempted with this guessed username: bkupexec
2 different passwords attempted with this guessed username: jerry
2 different passwords attempted with this guessed username: jim
2 different passwords attempted with this guessed username: brian
2 different passwords attempted with this guessed username: jayden
2 different passwords attempted with this guessed username: jeff
2 different passwords attempted with this guessed username: intern
2 different passwords attempted with this guessed username: harper
2 different passwords attempted with this guessed username: charlie
2 different passwords attempted with this guessed username: chad
2 different passwords attempted with this guessed username: glenn
2 different passwords attempted with this guessed username: charlotte
2 different passwords attempted with this guessed username: grocery
2 different passwords attempted with this guessed username: canon
2 different passwords attempted with this guessed username: info
2 different passwords attempted with this guessed username: install
2 different passwords attempted with this guessed username: celerant
2 different passwords attempted with this guessed username: henry
2 different passwords attempted with this guessed username: carlos
2 different passwords attempted with this guessed username: remote
2 different passwords attempted with this guessed username: tim
2 different passwords attempted with this guessed username: tom
2 different passwords attempted with this guessed username: Ray
2 different passwords attempted with this guessed username: robert
2 different passwords attempted with this guessed username: roger
2 different passwords attempted with this guessed username: RETAIL
2 different passwords attempted with this guessed username: ricoh
2 different passwords attempted with this guessed username: Post4
2 different passwords attempted with this guessed username: Post7
2 different passwords attempted with this guessed username: trish
2 different passwords attempted with this guessed username: peter
2 different passwords attempted with this guessed username: production
2 different passwords attempted with this guessed username: tony
2 different passwords attempted with this guessed username: toshiba
2 different passwords attempted with this guessed username: tool
2 different passwords attempted with this guessed username: sophia
2 different passwords attempted with this guessed username: sqladmin
2 different passwords attempted with this guessed username: Tech01
2 different passwords attempted with this guessed username: sofia
2 different passwords attempted with this guessed username: steve
2 different passwords attempted with this guessed username: symantec
2 different passwords attempted with this guessed username: stanley
2 different passwords attempted with this guessed username: t1
2 different passwords attempted with this guessed username: samuel
2 different passwords attempted with this guessed username: scans
2 different passwords attempted with this guessed username: terasoma
2 different passwords attempted with this guessed username: temp
2 different passwords attempted with this guessed username: Silverx
2 different passwords attempted with this guessed username: skaner
2 different passwords attempted with this guessed username: security
2 different passwords attempted with this guessed username: shop
2 different passwords attempted with this guessed username: operator
2 different passwords attempted with this guessed username: olivia
2 different passwords attempted with this guessed username: natalie
2 different passwords attempted with this guessed username: zoey
2 different passwords attempted with this guessed username: mike
2 different passwords attempted with this guessed username: william
2 different passwords attempted with this guessed username: ospite
2 different passwords attempted with this guessed username: office
2 different passwords attempted with this guessed username: veronica
2 different passwords attempted with this guessed username: vismail
2 different passwords attempted with this guessed username: victoria
2 different passwords attempted with this guessed username: noah
2 different passwords attempted with this guessed username: ncrm
2 different passwords attempted with this guessed username: wand
2 different passwords attempted with this guessed username: nss256wendys
2 different passwords attempted with this guessed username: michael
2 different passwords attempted with this guessed username: microssvc
2 different passwords attempted with this guessed username: visitor
2 different passwords attempted with this guessed username: xerox
1 different passwords attempted with this guessed username: template
1 different passwords attempted with this guessed username: cia
1 different passwords attempted with this guessed username: cihan
1 different passwords attempted with this guessed username: cayetano
1 different passwords attempted with this guessed username: muhasebe
1 different passwords attempted with this guessed username: bruno1234
1 different passwords attempted with this guessed username: comercial
1 different passwords attempted with this guessed username: susan
1 different passwords attempted with this guessed username: vrfy
1 different passwords attempted with this guessed username: camilie
1 different passwords attempted with this guessed username: teresa
1 different passwords attempted with this guessed username: telnet
1 different passwords attempted with this guessed username: ted
1 different passwords attempted with this guessed username: tape
1 different passwords attempted with this guessed username: washington
1 different passwords attempted with this guessed username: web
1 different passwords attempted with this guessed username: taylor
1 different passwords attempted with this guessed username: tcp
1 different passwords attempted with this guessed username: tarragona
1 different passwords attempted with this guessed username: tanya
1 different passwords attempted with this guessed username: teds
1 different passwords attempted with this guessed username: acct1
1 different passwords attempted with this guessed username: t12010
1 different passwords attempted with this guessed username: tammy
1 different passwords attempted with this guessed username: www
1 different passwords attempted with this guessed username: ceyda
1 different passwords attempted with this guessed username: accounting
1 different passwords attempted with this guessed username: training
1 different passwords attempted with this guessed username: tracy
1 different passwords attempted with this guessed username: travis
1 different passwords attempted with this guessed username: transition
1 different passwords attempted with this guessed username: vance
1 different passwords attempted with this guessed username: tracey
1 different passwords attempted with this guessed username: appservadmin
1 different passwords attempted with this guessed username: appismo
1 different passwords attempted with this guessed username: vanschoor
1 different passwords attempted with this guessed username: trent
1 different passwords attempted with this guessed username: user02
1 different passwords attempted with this guessed username: tsadmin
1 different passwords attempted with this guessed username: user8
1 different passwords attempted with this guessed username: user7
1 different passwords attempted with this guessed username: truck
1 different passwords attempted with this guessed username: tricia
1 different passwords attempted with this guessed username: uwe
1 different passwords attempted with this guessed username: troisi
1 different passwords attempted with this guessed username: uucp
1 different passwords attempted with this guessed username: timc
1 different passwords attempted with this guessed username: thomas
1 different passwords attempted with this guessed username: timeclock
1 different passwords attempted with this guessed username: beer
1 different passwords attempted with this guessed username: therese
1 different passwords attempted with this guessed username: term
1 different passwords attempted with this guessed username: teri
1 different passwords attempted with this guessed username: theresa
1 different passwords attempted with this guessed username: texas
1 different passwords attempted with this guessed username: backupexec
1 different passwords attempted with this guessed username: vcs
1 different passwords attempted with this guessed username: toni
1 different passwords attempted with this guessed username: vargas
1 different passwords attempted with this guessed username: tonya
1 different passwords attempted with this guessed username: tommy
1 different passwords attempted with this guessed username: timothy
1 different passwords attempted with this guessed username: timeclock mails
1 different passwords attempted with this guessed username: todd
1 different passwords attempted with this guessed username: tina
1 different passwords attempted with this guessed username: perl
1 different passwords attempted with this guessed username: pentagon
1 different passwords attempted with this guessed username: piotr
1 different passwords attempted with this guessed username: Post2
1 different passwords attempted with this guessed username: Post1
1 different passwords attempted with this guessed username: paul1234
1 different passwords attempted with this guessed username: kevin
1 different passwords attempted with this guessed username: pcadmin
1 different passwords attempted with this guessed username: karen
1 different passwords attempted with this guessed username: pdf
1 different passwords attempted with this guessed username: posuser
1 different passwords attempted with this guessed username: postmaster
1 different passwords attempted with this guessed username: prepress
1 different passwords attempted with this guessed username: program
1 different passwords attempted with this guessed username: IUSR_SERVER
1 different passwords attempted with this guessed username: jimmy
1 different passwords attempted with this guessed username: Post3
1 different passwords attempted with this guessed username: Post5
1 different passwords attempted with this guessed username: poste2
1 different passwords attempted with this guessed username: Post8
1 different passwords attempted with this guessed username: paul
1 different passwords attempted with this guessed username: myhost
1 different passwords attempted with this guessed username: nasa
1 different passwords attempted with this guessed username: love
1 different passwords attempted with this guessed username: neil
1 different passwords attempted with this guessed username: micros1
1 different passwords attempted with this guessed username: michelle
1 different passwords attempted with this guessed username: miguel
1 different passwords attempted with this guessed username: marco
1 different passwords attempted with this guessed username: mode
1 different passwords attempted with this guessed username: parking
1 different passwords attempted with this guessed username: ospite1234
1 different passwords attempted with this guessed username: patrizia
1 different passwords attempted with this guessed username: kubik
1 different passwords attempted with this guessed username: patrizia2
1 different passwords attempted with this guessed username: lorenzo
1 different passwords attempted with this guessed username: netsis
1 different passwords attempted with this guessed username: network
1 different passwords attempted with this guessed username: orders
1 different passwords attempted with this guessed username: new
1 different passwords attempted with this guessed username: publish
1 different passwords attempted with this guessed username: socket
1 different passwords attempted with this guessed username: SmokinPremiums
1 different passwords attempted with this guessed username: solaris
1 different passwords attempted with this guessed username: documents
1 different passwords attempted with this guessed username: domain
1 different passwords attempted with this guessed username: scan123
1 different passwords attempted with this guessed username: expn
1 different passwords attempted with this guessed username: evan
1 different passwords attempted with this guessed username: silver
1 different passwords attempted with this guessed username: esmtp
1 different passwords attempted with this guessed username: station4
1 different passwords attempted with this guessed username: cscadmin
1 different passwords attempted with this guessed username: sue
1 different passwords attempted with this guessed username: supervisor
1 different passwords attempted with this guessed username: contract
1 different passwords attempted with this guessed username: spiceworks
1 different passwords attempted with this guessed username: soss
1 different passwords attempted with this guessed username: daniela
1 different passwords attempted with this guessed username: csi
1 different passwords attempted with this guessed username: SQLAgentCmdExec
1 different passwords attempted with this guessed username: salesman
1 different passwords attempted with this guessed username: reguser
1 different passwords attempted with this guessed username: rcpt
1 different passwords attempted with this guessed username: relay
1 different passwords attempted with this guessed username: guard
1 different passwords attempted with this guessed username: halt
1 different passwords attempted with this guessed username: qwerty
1 different passwords attempted with this guessed username: query
1 different passwords attempted with this guessed username: rad
1 different passwords attempted with this guessed username: radiant
1 different passwords attempted with this guessed username: IME_ADMIN
1 different passwords attempted with this guessed username: rupert
1 different passwords attempted with this guessed username: fuji1
1 different passwords attempted with this guessed username: FPUPDENGUSR
1 different passwords attempted with this guessed username: fbi
1 different passwords attempted with this guessed username: sales2
1 different passwords attempted with this guessed username: report
1 different passwords attempted with this guessed username: renteria
1 different passwords attempted with this guessed username: good
1 different passwords attempted with this guessed username: gans
1 different passwords attempted with this guessed username: richard

The post Anatomy of a Password Attack appeared first on Foster Institute.

When we audit companies, it has become commonplace to discover attacks like this in progress. Place emphasis on the past two words. This isn’t a coincidence. The reality is that attackers are now constantly attempting to break into organizational accounts, from anywhere in the world, using guessed usernames and passwords. In some cases, the attackers are successful.

What you need to know: An important feature, the account lockout policy, is often overlooked when networks are configured.

Your servers can monitor failed logon attempts. It only takes your IT professionals 10 seconds to configure a policy that tells the servers that if a user enters the wrong password five times within five minutes, then his account is disabled for five minutes before he can attempt to logon again. And all of those numbers are easy to adjust individually; none of them need to be five.

The bad part of an account lockout policy is that, for the users who cannot remember their password, they only get to make a certain number of incorrect guesses at a time. That’s why you might use the number five for the values shown above. Even those basic restrictions can significantly frustrate an attacker. Locking out a user for 30 minutes after three wrong guesses may sound more secure, but it is also much more inconvenient for a forgetful user.

There is a long conversation to have about the pros and cons of setting a lockout policy, but one thing is certain: If an attacker ever gains access to your network through guessing passwords, you will wish that you’d asked your IT professional to configure the account lockout policy.

Please forward this to your friends whose organizations you care about.

The post When Attackers Come Knocking appeared first on Foster Institute.