UserGate Development Manager Alexander Lugansky

Post by tanjimajuha20 »

The head of the information security department of Reksoft LLC, Yulia Konovalova, said that the company has established requirements for password complexity and employees themselves choose passwords that meet the required criteria.

Denis Kuzmichev, CEO of Level 7 LLC, believes that the increase in incidents in the sector may be due to the fact that attackers choose the most visited and at the same time poorly protected resources for attacks: services of colleges, schools, small organizations often rely on minimal and template rules of information security. "One of the reasons is the sharp increase in attacks of the 'password spraying' type, i.e. selection of a login to an existing dictionary password. Such an attack is a type of brute force - a technique for hacking an account, in which all possible logins and passwords are tried. In this case, we are talking about attempts by attackers to select different logins to one dictionary password. Such passwords are simple combinations that consist of common words and phrases (12345, Qwerty, Password_0000, etc.)," Solar Group said in a statement.

said that password spraying attacks are a method of attack in which attackers try to use the same password for multiple accounts before moving on to the next password: "In default systems, this avoids account lockouts that can occur with multiple failed login attempts using different passwords for a single account."

Sergey Golovanov, chief expert at Kaspersky Lab, believes that if employees use unique, complex combinations as passwords and change them regularly, the number of incidents could be reduced by a third.

Head of the Information Security Service of JSC InfoWatch Roman Alabin told a ComNews correspondent that there is always a chance for a successful brute force attack - as practice shows, dictionary passwords are still a common story among all categories of users: "Regardless of what type of brute force we are talking about - spraying, that is, selecting logins for popular dictionary passwords, or selecting passwords for accounts. If the necessary security measures are not taken, then the selection occurs quickly for accounts of any access level."

Alexander Dmitriev, CEO of Neuroinform LLC, agreed that since the beginning of 2024, the number of incidents related to the compromise of credentials has increased: "Password spraying attacks have been known for quite a long time and are quite common among pentesters and hackers, since they are very easy to implement and raise much less suspicion than classic brute force attacks among SIEM systems and SOC specialists and, accordingly, are blocked less often. I think that these reasons play a major role in the growing popularity of this type of attack." and IT departments sometimes use one universal access for several employees at once, which ultimately leads to security problems."

Kai Mikhailov, Head of Information Security at Itprotect, said that dictionary passwords are a popular method of setting passwords among IT company employees: "We discovered this practice during a pentest. For example, the vast majority of companies use the Active Directory domain, which has obvious problems with checking the use of password policies by users. Dictionary passwords often fit all password policies. There are overlay protection tools that allow you to control such things, but at the moment they are mostly foreign."

Igor Dusha, Director of the Nota Kupol portfolio of solutions at T1 Holding, noted that, as a rule, employees themselves are responsible for setting passwords, observing the security restrictions established within applications: "They are set by administrators or information security specialists, and it is practically impossible for an ordinary user to bypass them, which provides a high level of protection. Additional protection is provided by password management systems that control user accounts and utility programs. One of the best practices is the use of one-time passwords (OTP), which are generated and updated automatically, maintaining the proper level of complexit
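
The difference between spraying and classic brute force described in the post (many accounts, each kept below the lockout threshold, versus many guesses at one account) can be turned into a detection rule. The following is an added example, not part of the original post; the log format, the thresholds and the function name `classify_sources` are assumptions, and the log lines are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample auth log: timestamp (assumed UTC), source IP, username, result.
SAMPLE_LOG = """\
2024-05-01T09:00:01 198.51.100.7 alice FAIL
2024-05-01T09:00:09 198.51.100.7 bob FAIL
2024-05-01T09:00:17 198.51.100.7 carol FAIL
2024-05-01T09:00:26 198.51.100.7 dave FAIL
2024-05-01T09:00:34 198.51.100.7 erin OK
2024-05-01T09:00:41 198.51.100.7 frank FAIL
2024-05-01T09:02:00 203.0.113.9 admin FAIL
2024-05-01T09:02:02 203.0.113.9 admin FAIL
2024-05-01T09:02:04 203.0.113.9 admin FAIL
2024-05-01T09:02:06 203.0.113.9 admin FAIL
2024-05-01T09:02:08 203.0.113.9 admin FAIL
2024-05-01T09:05:00 192.0.2.15 bob FAIL
2024-05-01T09:05:20 192.0.2.15 bob OK
"""

def classify_sources(log_text, window_s=600, min_users=5, lockout=5):
    """Return {source_ip: (verdict, accounts_logged_in_ok)} for flagged sources."""
    # buckets[(ip, window_index)] = {"fail": {user: count}, "ok": {users}}
    buckets = defaultdict(lambda: {"fail": defaultdict(int), "ok": set()})
    for line in log_text.splitlines():
        ts, ip, user, result = line.split()
        # Fixed-size time windows; timestamps are treated as UTC.
        idx = int(datetime.fromisoformat(ts + "+00:00").timestamp()) // window_s
        b = buckets[(ip, idx)]
        if result == "FAIL":
            b["fail"][user] += 1
        else:
            b["ok"].add(user)
    findings = {}
    for (ip, _), b in sorted(buckets.items()):
        fails = b["fail"]
        targeted = set(fails) | b["ok"]
        if fails and max(fails.values()) >= lockout:
            # Many guesses at one account: the pattern lockout rules catch.
            findings[ip] = ("brute_force", sorted(b["ok"]))
        elif fails and len(targeted) >= min_users:
            # Many accounts, each below the lockout threshold: spraying.
            findings[ip] = ("password_spraying", sorted(b["ok"]))
    return findings

if __name__ == "__main__":
    for ip, (verdict, ok) in classify_sources(SAMPLE_LOG).items():
        print(ip, verdict, "successful logins to review:", ok)
```

A per-account failure counter alone never fires on the first source, because no single account sees more than one failure; counting distinct accounts per source is what exposes it, and the successful login in the same window is the account to reset first.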