Cyber Access Control | MFA Enterprise Password Management | Access Smart

Morto Windows Worm Spread by Attacking Weak Passwords

Unsafe Password Management Practices

Morto article by Dovell Bonnet of Access-Smart.comThe result of poor password management and insecure systems is all too evident in the press lately with thousands of password breaches for Sony Playstation Network, Gawker media’s sites, and many others.

The new password -guessing Windows worm “Morto” is spread by attacking weak passwords. “Morto” takes advantage of the fact that so many computers, servers and networks secure the front door with a simple hook ‘n’ latch security system. By that, I mean the weakness in complexity and management of password logons.  It is not that passwords are insecure, but rather how users pick and manage their passwords. Morto works by attempting to log in to accounts using a series of incredibly weak passwords, such as “12345,” “admin,” “password,” and “test,” along with some brute-force dictionary guesses. It also attempts overly common logon names, including “administrator,” “admin,” “backup,” and “sql.”

With increasing amounts of personal information available online through social networking sites and other sources, many users are putting themselves at increased risk by using weak passwords based on known things such as the name of a child or partner.

“This particular worm highlights the importance of setting strong system passwords,” said Hil Gradascevic, a researcher with Microsoft’s Malware Protection Center. “The ability of attackers to exploit weak passwords shouldn’t be underestimated.”

No matter how IT policies try to strengthen the use of passwords, the users will always find ways to circumvent security for convenience. Forcing more complexity and frequent password changes only drives the users to even worse password management habits. That is where a multi-factor, smartcard-based password manager can solve this dilemma: Secure, complex passwords with the convenience of the user not having to know or type them.

Power LogOn® by Access Smart® takes advantage of the high security features found in smartcards, the convenience of the user only having to double click what they want to launch and the peace of mind that if the smartcard is ever lost or stolen the passwords are not compromised. Plus, passwords don’t have to be stores on the computer for works like Morto to find. So imagine the security and cost savings where IT can implement and manage a secure password policy while also lowering their help desk calls by 40%.

About Access- Smart

Did you know that 35% of all data breaches are a result of lost, stolen or compromised personal computers? That means that although companies invest in numerous technologies to protect their information, they have a 35% gap in their security plan on PC’s.

Our product, Power Logon, assists in reducing financial and business risks associated with data privacy legislation compliance. By law (e.g. HIPAA, HITECH, FACTA, PCI, etc.) companies/education/government entities must protect their customer’s and employee’s Personally Identifiable Information (PII). Failure to do so can cost these organizations, and their executive boards, millions of dollars in fines, fees and lost customers.

Please call us at 949-218-8754 for your no-obligation consultation. We are here to help!