The Attacker’s Dictionary - Auditing Criminal Credential Attacks

By: Tod Beardsley, Senior Security Research Manager
Roy Hodgman, Data Scientist
Jon Hart, Senior Security Researcher
Harley Geiger, Director of Public Policy

Given Rapid7’s unique visibility into the credentials that attackers are choosing, we can measure a variety of statistics that are of interest to security practitioners and data scientists. For security practitioners, we report on the frequency and source of opportunistic attacks; the top attempted usernames, passwords, and username:password combinations, and the overlap between these chosen credentials and published password dumps collected from breach data.
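To make the statistics in the paragraph above concrete, here is an added example (not code from the Rapid7 report or its authors) that tallies the same measures over honeypot authentication attempts: top usernames, top passwords, top username:password pairs, the share of attempted passwords that also appear in a published dump, and attempts per source address. The JSON-lines record layout, the field names (`ts`, `src`, `user`, `password`), the sample records and the stand-in breach dump are all constructed assumptions, not Heisenberg's real log format or data.

```python
"""Added example (not from the Rapid7 report or its authors): tallying
opportunistic credential attempts in the way the page describes, over a
few constructed honeypot records in a hypothetical JSON-lines format."""
import json
from collections import Counter

# Constructed sample records; the field names are an assumption, not
# Heisenberg's real log format. Addresses are documentation ranges.
SAMPLE_LOG = """
{"ts": "2016-01-04T10:00:01Z", "src": "198.51.100.7", "user": "administrator", "password": "x"}
{"ts": "2016-01-04T10:00:02Z", "src": "198.51.100.7", "user": "administrator", "password": "Zz"}
{"ts": "2016-01-04T10:00:03Z", "src": "198.51.100.7", "user": "administrator", "password": "St@rt123"}
{"ts": "2016-01-04T10:05:11Z", "src": "203.0.113.45", "user": "admin", "password": "admin"}
{"ts": "2016-01-04T10:05:12Z", "src": "203.0.113.45", "user": "admin", "password": "password"}
{"ts": "2016-01-04T10:05:13Z", "src": "203.0.113.45", "user": "pos", "password": "pos"}
{"ts": "2016-01-04T11:17:40Z", "src": "192.0.2.19", "user": "administrator", "password": "x"}
{"ts": "2016-01-04T11:17:41Z", "src": "192.0.2.19", "user": "user1", "password": "123456"}
"""

# Constructed stand-in for a published breach dump (passwords only).
BREACH_DUMP = {"123456", "password", "admin", "x", "qwerty"}


def parse_attempts(text):
    """Parse JSON-lines honeypot records, skipping blank or malformed lines."""
    attempts = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # malformed line: skip it rather than abort the whole run
        if "user" in rec and "password" in rec:
            attempts.append(rec)
    return attempts


def top_n(attempts, field, n=3):
    """Most common values of one field (e.g. 'user' or 'password')."""
    return Counter(a[field] for a in attempts).most_common(n)


def top_pairs(attempts, n=3):
    """Most common username:password combinations."""
    return Counter((a["user"], a["password"]) for a in attempts).most_common(n)


def dump_overlap(attempts, dump):
    """Fraction of distinct attempted passwords that also appear in the dump."""
    distinct = {a["password"] for a in attempts}
    if not distinct:
        return 0.0
    return len(distinct & dump) / len(distinct)


def attempts_per_source(attempts):
    """Attempt count per source address; a basis for rate-based alerting."""
    return Counter(a["src"] for a in attempts)


if __name__ == "__main__":
    atts = parse_attempts(SAMPLE_LOG)
    print("top usernames:", top_n(atts, "user"))
    print("top passwords:", top_n(atts, "password"))
    print("top pairs:", top_pairs(atts))
    print("share of attempted passwords seen in dump: %.2f"
          % dump_overlap(atts, BREACH_DUMP))
    print("attempts per source:", attempts_per_source(atts))
```

The same functions run unchanged over a real honeypot export once `parse_attempts` is pointed at the actual record format; the overlap figure is computed on distinct passwords so a single password retried many times does not inflate it.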

Download and read the full report to learn about:

  • Rapid7’s Heisenberg Honeypots
  • Credential scanning traffic analysis
  • Password complexity and provenance
  • Advice for securing RDP endpoints
  • Considering the CFAA
  • And more

This report is written not only for security practitioners and those interested in keeping their organizations secure, but also to help educate legislators and policymakers on current issues with the law that affects active credential scanning for research purposes.

This paper is the product of nearly a year’s worth of opportunistic credential scanning data collected from Heisenberg, Rapid7’s public-facing network of low-interaction honeypots. Instead of focusing on the passwords that end users typically pick, with this data we can see what opportunistic scanners are using in order to test, and likely compromise, Internet-connected point-of-sale (POS) systems, kiosks, and scamware-compromised desktop PCs which offer the Remote Desktop Protocol (RDP) service for remote management.