FBI warnings concerning the Scattered Spider collective, behind ransomware attacks on the retail, insurance, and most recently, aviation sectors, have now become an alarming reality. Qantas has confirmed a significant cyber incident, involving a third-party supplier, has potentially impacted the data of some six million customers. 2FA bypass is common currency for Scattered Spider and other threat actors, and the FBI report has confirmed this. But maybe now it’s time to also look at how poorly every sector, including consumers, manages passwords. TL;DR, dear reader, the answer is very poorly indeed. Here are the passwords that nobody should be using.
FBI And CISA Password Advice Is Being Ignored
Let’s get one thing straight here: password management is not a difficult thing. It would seem, however, that getting the basics of password creation and use is. That’s the only reason I can come up with as to why so many people, corporate, within industry sectors and consumers, are failing to do it properly. Well, there’s another reason, but I’m too polite to mention it here; I’m sure you can guess what it is. The point is that, as evidenced by an updated study by NordPass, weak and downright dangerous passwords are still being used long past their expiration date.
Although Scattered Spider focuses attention on bypassing 2FA protections using social engineering means to persuade IT help desks to “add unauthorized MFA devices to compromised accounts,” it is not the only weapon in its arsenal. All ransomware groups will look to the weakest link, the easiest protection to break, when it comes to initial access. And that, as you likely will have guessed, means login credentials.
The NordPass study revealed what many in the cybersecurity field already knew: weak passwords, reused passwords, and passwords that are, frankly, totally unfit for consumption, are common across most all industry sectors.
Considering the Scattered Spider attacks on aviation, let’s focus on the transportation sector as an example. “The transportation and logistics industry is a critical part of global infrastructure,” Karolis Arbaciauskas, head of business product at NordPass, said, “but the cybersecurity basics are being ignored.”
Those basics can be found in this Cybersecurity and Infrastructure Security Agency advisory, compiled with the assistance of the FBI, covering the tactics, techniques and procedures used by the Scattered Spider threat group.
You Should Never Use These Passwords. Period.
You only have to look at the most common list for this sector, included on the report page previously linked to, and you will see what Arbaciauskas is referring to. It is peppered with such password atrocities as 123456, Dell, 12345678, password, 111111, 1234, 123456789 and qwerty. I could go, but I won’t: go and see for yourself. Or you might want to take a look at this list of dangerous passwords I have compiled from NordPass and other research.
“Weak credentials put customer data, delivery routes, and operational continuity at risk,” Arbaciauskas said, adding that “Fixing password practices is a fast, effective way to avoid delays caused by data breaches or operational downtime.”
The FBI has warned you, CISA has advised you, cybersecurity professionals have shown you the dangers, so when are you going to stop using those easily hacked passwords and start taking credential security seriously? Better yet, when are you going to change to passkeys, which are way more secure?
