Attacking users in 2023: Password stealers made over 32m attempts: Kaspersky report

ISLAMABAD: A global cybersecurity firm disclosed that over 32 million attempts were made by the password stealers to attack users including corporate businesses during 2023.

A report released by Kaspersky on Friday, in June 2024, Kaspersky experts conducted a large-scale study on the resistance of 193M English passwords, compromised by infostealers and available on the dark net, to brute force and smart guessing attacks.

According to the research results, 45 percent of all analyzed passwords which is almost 87 million could be guessed by scammers within a minute. Only 23 percent (44 million) of combinations turned out to be resistant enough and cracking them would take more than a year.

Kaspersky telemetry indicated more than 32 million attempts to attack users with password stealers in 2023. These numbers show the importance of digital hygiene and timely password policies. The results of the Kaspersky study demonstrate that the majority of the reviewed passwords were not strong enough and could be easily compromised by using smart guessing algorithms.

Besides, the majority of the examined passwords (57 percent) contain a word from the dictionary, which significantly reduces the passwords’ strength. Among the most popular vocabulary sequences, several groups can be distinguished. The analysis showed that only 19 percent of all passwords contain signs of a strong combination – a non-dictionary word, lowercase and uppercase letters, as well as numbers and symbols. At the same time, the study revealed that 39 percent of such passwords could also be guessed using smart algorithms in less than an hour.

In order to strengthen passwords, users should use a different password for each service. That way, even if one of your accounts is stolen, the rest won’t go with it. It’s better not to use passwords that can be easily guessed from your personal information, such as birthdays, names of family members, pets, or your own name.

These are often the first guesses an attacker will try. It is nearly impossible to memorize long and unique passwords for all the services you use, but with a special solution, such as Kaspersky password manager, you can memorize just one master password.

Yuliya Novikova, Head of Digital Footprint Intelligence at Kaspersky stated that the most dependable solution is to generate a completely random password using modern and reliable password managers.

“Enable two-factor authentication (2FA). Using a reliable security solution such as Kaspersky Premium will enhance your protection. It monitors the internet and Dark Web and warns if your passwords need to be changed,” the report added.

Copyright Business Recorder, 2024