Password Attacks Continue to Cause Major Problems

Password attacks continue to cause major problems. These attacks are as old as passwords themselves, and seemingly will never go away. Every year, more and more high-profile attacks or breaches get traced back to poor password hygiene. Most critics lament that if only these companies had deployed Multi-Factor Authentication (MFA), this wouldn’t have happened. But MFA doesn’t get deployed for a multitude of real-life reasons, including cost, incompatibility with older systems, end-user acceptance, etc. And the incredibly cost-effective and simple solution of Password Blacklisting could also have stopped these attacks, without the negatives associated with MFA.

Pipeline Problems

In May 2021, a password-based hack of Colonial Pipeline Co. took down the largest fuel pipeline in the U.S., which led to fuel shortages all across the East Coast. It was a single compromised password that allowed the attackers to completely shut down the company and cause devastating downstream effects, including a run on fuel and higher fuel prices, as well as a data breach of customer information. If the company had just implemented Password Blacklisting, the poor password choice would have been caught and prevented from use in the first place. No MFA required.

 

Supply Chain Problems

Of course, we all remember the SolarWinds hack from late 2020. Again, a single compromised password, “solarwinds123”, was found in data breach data from 2019. The company’s poor password hygiene allowed a user to choose such a terribly crafted password. And it doesn’t matter if it was an intern, manager or leader. A single compromised account spells disaster. And in the case of SolarWinds, it was a disaster not only for SolarWinds, but for all of their downstream customers, too. Once in the SolarWinds network, the attackers were able to change the code of their product, granting access to any SolarWinds customer who installed the latest version – and there were some big customers hit by this, including numerous departments of the US Government and many Fortune 500 companies.

 

A Simple Solution

The easiest and most cost-effective way to combat these types of attacks is to deploy Password Blacklisting. It’s incredibly easy to do, much easier than deploying MFA. There isn’t even a requirement to change end-user behavior or provide training. A subscription to Password RBL is incredibly inexpensive and easy to deploy, adding another layer to your company’s security stack. Check out our solutions and request a quote today!