Of the more than 1.8 million administrator credentials compromised by information-stealing malware and recovered from January to September, more than 40,000 were "admin," indicating the prevalence of weak passwords used in administrator portals and the elevated vulnerability of enterprise networks to cyberattacks, reports BleepingComputer.
Rounding out the ten weakest authentication credentials were "123456," "12345678," "1234," "Password," "123," "12345," "admin123," "123456789," and "adminisp," an Outpost24 report revealed.
"Most of the passwords in our list could have been easily guessed in a rather unsophisticated password-guessing attack," said Outpost24 researchers.
Because admin portals commonly provide access to configuration, account, and security settings, as well as database operations management, organizations have been urged to implement robust and unique passwords across all accounts.
Organizations should also adopt endpoint detection and response solutions, disable browser-based password saving and auto-fill options, prevent the use of cracked software, and implement domain checking for redirections, according to Outpost24.