Industrial engineers and operators are the target of a new campaign that leverages password cracking software to seize control of Programmable Logic Controllers (PLCs) and co-opt the machines into a botnet.
The infections culminate in the deployment of the Sality malware for carrying out tasks such as cryptocurrency mining and password cracking in a distributed fashion, while also taking steps to remain undetected by terminating security software running on the compromised workstations.
"In general, it appears there is an ecosystem for this type of software," Hanson noted, attributing the attacks to a likely financially motivated adversary. "Several websites and multiple social media accounts exist all touting their password 'crackers.'"
Hashes are commonly used to store sensitive information like credentials to avoid storing them in plaintext. With tools like Hashcat, it's possible to crack these hashes, but only if we know the algorithm used to generate the hash. Using a tool called hash-identifier, we can easily fingerprint any hashes to discover the right Hashcat mode to use to retrieve a password.
But identical passwords run through the same hashing function always produce the same hash, so one could compute the hashes for an entire password list using that hashing function, then use that data to find the password matching a given hash. And that's what a lot of password-cracking tools do.
While hashes are better than storing a password in plaintext, they can still be cracked if a good rule or password list is used with Hashcat or another cracking program. But you can't just point Hashcat at any hash and expect it to work. Imagine Hashcat as a drill with many different sized bits. For each type of hash we want to crack, we need to attach a different "bit" to Hashcat by setting it to the correct mode to attack the target hash.
After adding some password guesses that include the word "hashcat" for this example, hit Control-X to exit, then Y, and confirm the filename. We can now use this file as our list of plaintext guesses, along with the mode we discovered, to crack the hash. The basic formula we will use will look like this:
Many security "experts" are running around these days mumbling about rainbow tables and telling us how they can crack any Windows password in 2 seconds. "Windows security sucks!" they say. Well, I'm here to tell you that if you take 10 steps to increase password security, would-be intruders can crack all day, but they won't get your Windows logon passwords.
Some password hashes, but not Windows', add a random seed value, called a salt, to the hash to ensure that no two passwords produce the same hash. Salting strengthens any password hash and requires additional computations to crack the password, so it's unfortunate that Windows doesn't use a salt.
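The effect of a salt described above, shown as an added example that is not from the original article: accounts that reuse a password are indistinguishable in an unsalted store and distinct in a salted one, while verification still works. SHA-256 stands in for an unsalted hash and PBKDF2-HMAC-SHA256 for a salted one; the account names, passwords and round count are constructed for illustration.

```python
import hashlib
import hmac
import os
from collections import defaultdict

PBKDF2_ROUNDS = 200_000  # assumed work factor, chosen for this example


def unsalted_hash(password):
    """No salt: the same password always maps to the same stored value."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def salted_record(password, salt=None):
    """Return (salt, key); a fresh random 16-byte salt is drawn per account."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, key


def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    salt, expected = record
    _, candidate = salted_record(password, salt)
    return hmac.compare_digest(candidate, expected)


def accounts_sharing_a_hash(store):
    """Audit helper: group accounts whose stored value is identical."""
    groups = defaultdict(list)
    for user, stored in store.items():
        groups[stored].append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)


# Constructed sample accounts; alice and carol reuse the same password.
SAMPLE = {"alice": "Winter2024!", "bob": "correct horse battery", "carol": "Winter2024!"}

UNSALTED_STORE = {user: unsalted_hash(pw) for user, pw in SAMPLE.items()}
SALTED_STORE = {user: salted_record(pw) for user, pw in SAMPLE.items()}

if __name__ == "__main__":
    print("unsalted, identical entries:", accounts_sharing_a_hash(UNSALTED_STORE))
    print("salted, identical entries:  ", accounts_sharing_a_hash(SALTED_STORE))
    print("alice verifies:", verify("Winter2024!", SALTED_STORE["alice"]))
```

Because each salted record carries its own salt, a table of hashes computed once cannot be reused across accounts; every guess has to be recomputed per account.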
Microsoft subsequently created the NT hash for NT. Although not uncrackable, the NT hash is significantly more difficult to crack than the LM hash. If a password is sufficiently long and complex (more on that later), a hacker can require days or months to convert the NT hash to its plaintext original. Unfortunately, NT and later versions of Windows by default store both hash values for every password. The simple step of disabling the storage of LM hashes significantly increases your network's password security.
Authentication Protocols
Win2K and later can use four authentication protocols: LAN Manager, NTLM, NTLMv2, and Kerberos. LAN Manager was the original protocol, and if LAN Manager authentication traffic is sniffed off the network, compromising the password is trivial. Microsoft released the NTLM protocol with NT, but that protocol was later found to contain flaws. Microsoft then developed NTLMv2 for Win2K. That version has withstood the test of time and has been ported back to NT and Windows 9x. Password crackers can't easily break NTLMv2 traffic. Win2K and later domain logons use the Kerberos protocol, which uses the NT hash and is fairly secure.
2. Require long, complex passwords. Require passwords of 15 or more characters with at least some basic complexity. By default, computers running Windows XP and later OSs have password complexity turned on (although it's debatable whether Microsoft's definitions of complexity are sufficiently rigorous). A password with 15 or more characters disables the creation of an LM password hash, thereby defeating most password cracking tools, including most rainbow tables. If your password is also complex, it will defeat rainbow tables, which can't handle complex NT password hashes in a reasonable period of time. (This situation could change with future improvements in password cracking techniques, however.)
5. Force moderately frequent password changes. From Group Policy or Local Security Policy, navigate to Computer Configuration\Windows Settings\Security Settings\Local Policies\Password Policy and set the Maximum password age setting to no more than 90 days. Given enough time, any password guesser, cracker, or rainbow table can defeat any password. But if a password is at least 15 characters long and complex, it will take most attackers more than 90 days to crack it. Any reasonable interval can be argued; just don't make your users switch passwords too frequently, because then they'll start writing down their passwords.
10. Audit passwords regularly. Finally, try to crack your organization's passwords yourself on a regular basis using some of the password cracking tools mentioned in "Types of Password Attacks." Do it before attackers do it. You can use the results as a compliance test and assist end users who don't follow recommended password policy to change their ways.
Robotic systems and platforms are vulnerable to various attack types, risking the disclosure, destruction, alteration and modification of sensitive information. Other risks are also associated with weak authentication and password cracking attacks, allowing attackers to gain remote unauthorized access to the system to perform malicious tasks.