Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityAccess ManagementIdentity ManagementCybersecurity News

Half of Government, Military Passwords are Weak

Cybersecurity passwords
September 13, 2018
New research from the WatchGuard Threat Lab reveals that 50 percent of government and military employee LinkedIn passwords, largely from the US, were weak enough to be cracked in less than two days.

“Authentication is the cornerstone of security and we’re seeing overwhelming evidence of its critical importance in the common trend of password- and credential-focused threats throughout Q2 2018,” said Corey Nachreiner, chief technology officer at WatchGuard Technologies. “Whether it’s an evasive credential-stealing malware variant or a brute force login attack, cyber criminals are laser-focused on hacking passwords for easy access to restricted networks and sensitive data.”

The report found:

  • Roughly half of government and military employee passwords are weak. After conducting a thorough analysis of the 2012 LinkedIn data dump to identify trends in user password strength, WatchGuard’s Threat Lab team found that half of all passwords associated with “.mil” and “.gov” email address domains within the database were objectively weak. Of the 355,023 largely US government and military account passwords within the database, 178,580 were cracked in less than two days. The most common passwords used by these accounts included “123456,” “password,” “linkedin,” “sunshine,” and “111111.” Conversely, the team found that more than 50 percent of civilian passwords were weak. These findings further illustrate the need for stronger passwords for everyone, and a higher standard for security among public service employees that handle potentially sensitive information. In addition to better password training and processes, every organisation should deploy multi-factor authentication solutions to reduce the risk of a data breach.
  • Mimikatz was the most prevalent malware variant in Q2. Representing 27.2 percent of the top 10 malware variants listed last quarter, Mimikatz is a well-known password and credential stealer that has been popular in past quarters but has never been the top strain. This surge in Mimikatz’s dominance suggests that authentication attacks and credential theft are still major priorities for cyber criminals – another indicator that passwords alone are inadequate as a security control and should be fortified with MFA services that make hackers’ lives harder by requiring additional authentication factors in order to successfully login and access the network.
  • More than 75 percent of malware attacks are delivered over the web. A total of 76 percent of threats from Q2 were web-based, suggesting that organizations need an HTTP and HTTPS inspection mechanism to prevent the vast majority of attacks. Ranked as the fourth most prevalent web attack in particular, “WEB Brute Force Login -1.1021” enables attackers to execute a massive deluge of login attempts against web applications, leveraging an endless series of random combinations to crack user passwords in a short period of time. This attack in particular is another example of cyber criminals’ heightened focus on credential theft and shows the importance of not only password security and complexity, but the need for MFA solutions as a more effective preventative measure.
  • Cryptocurrency miners earn spot as a top malware variant.As anticipated, malicious cryptominers are continuing to grow in popularity as a hacking tactic, making their way into WatchGuard’s top 10 malware list for the first time in Q2. Last quarter, WatchGuard uncovered its first named cryptominer, Cryptominer.AY, which matches a JavaScript cryptominer called “Coinhive” and uses its victims’ computer resources to mine the popular privacy-focused cryptocurrency, Monero (XRM). The data shows that victims in the United States were the top geographical target for this cryptominer, receiving approximately 75 percent of the total volume of attacks.
  • Cyber criminals continue to rely on malicious Office documents. Threat actors continue to booby-trap Office documents, exploiting old vulnerabilities in the popular Microsoft product to fool unsuspecting victims. Interestingly, three new Office malware exploits made WatchGuard’s top 10 list, and 75 percent of attacks from these attacks targeted EMEA victims, with a heavy focus on users in Germany specifically.
KEYWORDS: authentication cyber security passwords

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cyber Tactics Column
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity Education & Training
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Internal computer parts

Critical Software Vulnerabilities Rose 37% in 2024

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Person working on laptop

Governance in the Age of Citizen Developers and AI

Shopping mall

Victoria’s Secret Security Incident Shuts Down Website

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

August 27, 2025

Risk Mitigation as a Competitive Edge

In today’s volatile environment, a robust risk management strategy isn’t just a requirement—it’s a foundation for organizational resilience. From cyber threats to climate disruptions, the ability to anticipate, withstand, and adapt to disruption is becoming a hallmark of industry leaders.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Cybersecurity passwords

    Weak Passwords Caused 30% of Ransomware Infections in 2019

    See More
  • password1-900px.jpg

    CA to Ban Weak Passwords

    See More
  • Netflix users share their password

    More than half of Netflix subscribers share their passwords

    See More

Related Products

See More Products
  • 9780367259044.jpg

    Understanding Homeland Security: Foundations of Security Policy

  • databasehacker

    The Database Hacker's Handboo

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing