Like stealing kids’ candy: hackers break your PoS

If you were thinking that breaking into PoS (Point of Sale) systems has to always be complicated, you might have to change your perspective once you see the results of the latest researches in this matter.

password_guessing_picks
Source: theregister.co.uk

For about one year now security analysts of Rapid7 have collected data about the opportunistic credential-scanning from Heisenberg, the MetaSploit firm’s public-facing network of honeypots. Unexpectedly (or not), the reports regarding the most often guessed passwords and usernames were the most interesting. If – back in the days – users were going with classics like “12345” and “password”, it appears they now have new favorites: “x”, “St@rt123”, “P@ssw0rd”, and “admin” are all passwords that appear in the top 10 of guessing attempts list. Usernames such as “administrator”, “admin”, and “pos” were top listed among the wild-guesses, too.

The study shows that the majority of attempted passwords are very simple ones, which leads to the assumption that hackers fully believe in the user’s lack of interest in security. That’s why they continuously are on the lookout for vulnerable victims, especially for systems with default login credentials which they can subsequently hacked easily.

Where the big trouble stirs

According to the study led by Rapid7 and published by theregister.co.uk, China is the country with the most login attempts registered (39,9%), followed by the United States of America (24,9%) and, lagging far behind, by South Korea. Russia was not even included in the top 10, probably because all the presumed PoS hackers are using proxies that are located wherever.

It has become obvious that we should pay more attention to our usernames and passwords. So, if your cat or dog has a name that is impossible to be remembered even by your friends, then don’t hesitate to use it as a password*. At least you will know that somewhere a hacker is having a little bit more trouble trying to get to your account.

* Please NEVER use the name of your family members, pets, or favorite books/movies/hobbies as your password

This post is also available in: GermanFrenchItalian