Passwords and appearances for change – Newspaper Kommersant No. 157 (7358) of 08/29/2022

For the first time, attackers began to be interested in buying databases containing encrypted codes (hash) of passwords for identification on sites and services, DLBI experts noticed. We are mainly talking about the data of civil servants and employees of large companies – they are needed to be used in hacking critical information infrastructure, experts believe. The password security policy in most organizations and departments is very weak, they emphasize: simple passwords are used, as well as common logins per department, and their replacement often does not occur even when employees leave.

The DLBI darknet monitoring system has recorded a surge in cybercriminals’ interest in buying databases containing password hashes (encrypted codes that are assigned to the user and used for identification) of Russian services and sites. Representatives of the company told Kommersant about this. DLBI clarifies that the demand for such a segment is observed for the first time and growth can only be estimated from a zero base.

DLBI experts analyzed the resources where databases are exchanged and came to the conclusion that the purpose of the collection was to identify logins and passwords belonging to civil servants and employees of large companies for their subsequent use in hacking critical information infrastructure (fuel complex, financial institutions, telecom operators, etc.). .). “The growing interest in this data indicates the preparation of a large-scale attack on the public sector in the near future,” the DLBI believes.

In particular, the availability of up-to-date passwords for users of government information systems allows attackers to successfully carry out a password reuse attack, when the obtained login-password pair is used to access other victim accounts, from mail to corporate online services, for example, to a workplace. , explained the founder of DLBI Ashot Hovhannisyan.

During the first half of the year, the number of cyberattacks in Russia as a whole increased by 15 times, while on the public sector – by 17 times (see Kommersant of August 25). So, for example, in April, hackers hacked into and published the email database of the Ministry of Culture, the administration of the city of Blagoveshchensk and the office of the governor of the Tver region with a volume of more than 700 GB, the attack was carried out through a mail server (see “Kommersant” dated April 14).

“Recently, we are increasingly seeing hacking of state portals, websites of enterprises, TV channels, and much more,” notes Evgeny Antipov, owner of the Eye of God Telegram bot. engineering: attackers gain access through the accounts of resource employees. He also expects that in the second half of the year, the trend for hacking the public sector may increase.

The password policy in most large companies and especially government departments is very weak, Ashot Hovhannisyan emphasizes: “Simple passwords are used, they are not replaced not only according to the schedule, but also when employees leave, and common logins and passwords of departments are also used.” In addition, the analysis of several passwords of one user with a probability of more than 70% makes it possible to generate almost all passwords used by him, and then use them in the selection, Mr. Oganesyan explains.

On the darknet, you can find services for searching for strings of interest, including logins, email, phone numbers, password hashes in collected databases, confirms Sergey Shcherbel, cybersecurity expert at Kaspersky Lab: “The more leaked databases fall into the hands of attackers and the more data will be found for a single user, the more effective this tool becomes in preparing cyberattacks.”

Group-IB has not yet observed sales of such databases with a password hash, but notes that in general the number of databases of Russian organizations put up for sale and in the public domain is growing: since June alone, about 100 such offers have been put up. The company says that such a surge is observed for the first time.

Tatyana Isakova