Ransomware attacks: Change your weak passwords
Ransomware remains a massive threat to businesses of all sizes: in 2018, 83% of Managed Service Providers reported ransomware attacks against their clients, with the number and frequency of incidents increasing year over year since 2016. A lack of cybersecurity education and weak passwords are the leading causes of successful ransomware attacks. Until recently, ransomware relied on phishing emails and spam as the initial infection vector; in the past months, attackers have shifted toward brute-force attacks, which now account for 31% of attack attempts. With ransomware having such a crippling effect on businesses, both in operational downtime and in cost, preventing attacks should be a key area of focus.
Brute-force attacks are attacks in which attackers try to gain access to systems and services by submitting as many password guesses as possible. They are typically automated and run many login attempts in parallel. Recent studies show that Canada has some of the highest security-incident costs in the world: the average ransom demand is $13,000 and the average downtime loss is $65,000. Losing that much money because personnel use passwords such as “123456” or “Summer2019” is extremely painful. Packetlabs frequently identifies weak passwords within organizations, along with default credentials and credentials re-used across multiple accounts, including administrative ones. Organizations need to ensure their password policies mandate strong passwords, and that those policies are enforced and maintained over time.
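As an added illustration (not code from the original post), the following Python script shows the detection side of what the paragraph describes. It runs over a constructed set of sshd-style authentication log lines and flags three things: a source that piles up failures within a short window (classic brute force), a source that tries a few guesses against many different accounts (password spraying, a low-and-slow variant that the paragraph's definition also covers), and a successful login that follows a burst of failures from the same source, which is the case that should page someone. The hostnames, addresses, usernames and thresholds are illustrative assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of sshd-style auth log lines (TEST-NET addresses, not a real system).
SAMPLE_LOG = """\
Jan 14 09:00:01 vpn01 sshd[2101]: Failed password for admin from 203.0.113.7 port 50122 ssh2
Jan 14 09:00:02 vpn01 sshd[2102]: Failed password for admin from 203.0.113.7 port 50123 ssh2
Jan 14 09:00:03 vpn01 sshd[2103]: Failed password for admin from 203.0.113.7 port 50124 ssh2
Jan 14 09:00:05 vpn01 sshd[2104]: Failed password for admin from 203.0.113.7 port 50125 ssh2
Jan 14 09:00:06 vpn01 sshd[2105]: Failed password for admin from 203.0.113.7 port 50126 ssh2
Jan 14 09:00:08 vpn01 sshd[2106]: Failed password for admin from 203.0.113.7 port 50127 ssh2
Jan 14 09:00:09 vpn01 sshd[2107]: Accepted password for admin from 203.0.113.7 port 50128 ssh2
Jan 14 09:01:00 vpn01 sshd[2110]: Failed password for invalid user jsmith from 198.51.100.23 port 40001 ssh2
Jan 14 09:01:30 vpn01 sshd[2111]: Failed password for invalid user mlee from 198.51.100.23 port 40002 ssh2
Jan 14 09:02:00 vpn01 sshd[2112]: Failed password for finance from 198.51.100.23 port 40003 ssh2
Jan 14 09:02:30 vpn01 sshd[2113]: Failed password for invalid user hr from 198.51.100.23 port 40004 ssh2
Jan 14 09:03:00 vpn01 sshd[2114]: Failed password for root from 198.51.100.23 port 40005 ssh2
Jan 14 09:05:12 vpn01 sshd[2120]: Failed password for akhan from 192.0.2.5 port 51000 ssh2
Jan 14 09:05:20 vpn01 sshd[2121]: Accepted password for akhan from 192.0.2.5 port 51001 ssh2
"""

TS = r"(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
FAILED = re.compile(TS + r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port")
ACCEPTED = re.compile(TS + r"Accepted password for (?P<user>\S+) from (?P<ip>\S+) port")


def _parse_ts(text):
    # Syslog timestamps carry no year; only time deltas matter here.
    return datetime.strptime(text, "%b %d %H:%M:%S")


def analyse(log_text, window_s=60, fail_threshold=5, spray_users=4):
    """Return {'brute_force': {ip: peak failures in window},
               'spray': {ip: [distinct usernames]},
               'success_after_failures': [(ip, user, prior failures)]}"""
    failures = defaultdict(list)   # ip -> [(timestamp, username)]
    accepted = []                  # (timestamp, ip, username)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            failures[m["ip"]].append((_parse_ts(m["ts"]), m["user"]))
            continue
        m = ACCEPTED.match(line)
        if m:
            accepted.append((_parse_ts(m["ts"]), m["ip"], m["user"]))

    report = {"brute_force": {}, "spray": {}, "success_after_failures": []}
    for ip, events in failures.items():
        events.sort()
        times = [t for t, _ in events]
        # Largest number of failures inside any sliding window of window_s seconds.
        lo, peak = 0, 0
        for hi in range(len(times)):
            while (times[hi] - times[lo]).total_seconds() > window_s:
                lo += 1
            peak = max(peak, hi - lo + 1)
        if peak >= fail_threshold:
            report["brute_force"][ip] = peak
        # Spraying: few attempts per account but many accounts from one source.
        users = {u for _, u in events}
        if len(users) >= spray_users:
            report["spray"][ip] = sorted(users)

    # A success preceded by a burst of failures from the same source is the
    # signal that a guess landed, not merely that guessing happened.
    for ts, ip, user in accepted:
        prior = sum(1 for t, _ in failures.get(ip, []) if t <= ts)
        if prior >= fail_threshold:
            report["success_after_failures"].append((ip, user, prior))
    return report


if __name__ == "__main__":
    for key, value in analyse(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample, 203.0.113.7 is reported for brute force (six failures in ten seconds) and again for a success right after them, 198.51.100.23 is reported for spraying five accounts while never exceeding three failures in any one-minute window, and the single typo from 192.0.2.5 produces nothing.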
2019 Password Policy Considerations:
Minimum length of 10 characters.
Avoid single-word passwords; use passphrases, such as a short sentence.
The longer the password, the better: complexity helps, but length is significantly more critical.
Complexity: at least one number, one upper-case letter, one lower-case letter and one special character.
Never re-use a password across multiple accounts, especially for privileged users such as IT and finance roles.
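The considerations above, implemented as a checker. This is an added example, not code from the original post: it enforces the 10-character minimum, the four complexity classes and a no-reuse check, and rejects the two passwords quoted earlier (“123456” and “Summer2019”). Two design choices are assumptions rather than anything the post states. First, a passphrase of 20 or more characters and at least three words is accepted without the per-character complexity rule, reflecting the point that length matters more than complexity. Second, reuse is detected by comparing a SHA-256 fingerprint of the candidate against fingerprints of the user's other passwords; that fingerprint is a stand-in for the directory's own hashes and is not a recommendation for how to store passwords.

```python
import hashlib
import re

# Illustrative deny-list and pattern. A real deployment checks candidates against
# a breached-password corpus, not a handful of literals.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "letmein", "welcome1", "p@ssw0rd"}
SEASON_YEAR = re.compile(r"^(spring|summer|autumn|fall|winter)(19|20)\d\d[!@#$%^&*.]*$", re.I)

# Assumption: a passphrase at least this long, with at least this many words,
# is accepted without the per-character complexity rule (length beats complexity).
PASSPHRASE_MIN_LEN = 20
PASSPHRASE_MIN_WORDS = 3


def fingerprint(password: str) -> str:
    """Stand-in for the stored hash so the reuse check never holds other plaintexts.
    Illustrative only; this is not a password-storage scheme."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def check_password(candidate: str, used_fingerprints=frozenset(), min_length: int = 10) -> list:
    """Return the list of policy violations for `candidate`; an empty list means it passes."""
    violations = []
    if len(candidate) < min_length:
        violations.append(f"shorter than {min_length} characters")
    if candidate.lower() in COMMON_PASSWORDS:
        violations.append("appears on the common-password list")
    if SEASON_YEAR.match(candidate):
        violations.append("matches the season+year pattern (e.g. Summer2019)")

    words = candidate.split()
    is_passphrase = len(candidate) >= PASSPHRASE_MIN_LEN and len(words) >= PASSPHRASE_MIN_WORDS
    if not is_passphrase:
        for label, pattern in (("a digit", r"\d"),
                               ("an upper-case letter", r"[A-Z]"),
                               ("a lower-case letter", r"[a-z]"),
                               ("a special character", r"[^A-Za-z0-9\s]")):
            if not re.search(pattern, candidate):
                violations.append(f"missing {label}")

    if fingerprint(candidate) in used_fingerprints:
        violations.append("reused from another account")
    return violations


if __name__ == "__main__":
    # Fingerprints of passwords this user already has on other accounts (constructed).
    already_used = {fingerprint("Tr0ub4dor&3")}
    for pw in ("123456", "Summer2019", "Tr0ub4dor&3", "correct horse battery staple"):
        print(f"{pw!r}: {check_password(pw, already_used) or 'OK'}")
```

Run as a script, the two quoted weak passwords fail on several rules each, the complex-looking “Tr0ub4dor&3” fails only because it is already in use elsewhere, and the four-word passphrase passes with no special characters at all.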
All it takes is one user with weak or compromised credentials for an organization to fall victim to a successful cyber-attack. Following a disaster, 90% of small businesses fail within a year if operations do not resume within five days, and 60% of small businesses fail after a disaster. In addition to strong passwords, multi-factor authentication for internet-facing logins is recommended as part of a holistic approach to access control. Services such as VPN and email should require a second factor, so that if a user’s password is compromised, an attacker on the other side of the world still cannot log in.
Authentication can rely on three kinds of factor:
Something you know (e.g., a password or PIN)
Something you have (e.g., a token generator or mobile device with authenticator app)
Something you are (e.g., fingerprint)
Most multi-factor deployments use “something you have” as the second factor, commonly a mobile authenticator app or a hardware token generator. Mobile authenticator applications are low-cost to implement and usually free to install on the user’s device, and the most popular email service providers support them out of the box at little or no additional cost.
Countless organizations are looking at cyber insurance to absorb the financial impact of ransomware in the interim. In the long run, preventing ransomware through a healthy security posture is the wiser approach: attackers evolve and innovate over time and are primarily motivated by financial gain. Your business’s security should strive to stay ahead of attackers and be ready to adapt as the threat landscape changes.
Penetration testing is a valuable investment in making sure your business is not exposed to the cyber-attacks that threaten it. Companies of all sizes are subject to attack, and identifying weaknesses helps prioritize security efforts and improves budget efficiency. If you’re looking for additional information about how a penetration test can help, start a conversation with our team today.