{"id":1484,"date":"2021-05-04T02:17:44","date_gmt":"2021-05-04T02:17:44","guid":{"rendered":"https:\/\/people.utm.my\/azhari\/?p=1484"},"modified":"2021-05-04T02:18:10","modified_gmt":"2021-05-04T02:18:10","slug":"this-spreadsheet-of-the-worst-25-passwords-is-actually-malware","status":"publish","type":"post","link":"https:\/\/people.utm.my\/azhari\/2021\/05\/04\/this-spreadsheet-of-the-worst-25-passwords-is-actually-malware\/","title":{"rendered":"This Spreadsheet of \u2018The Worst 25 Passwords\u2019 Is Actually Malware"},"content":{"rendered":"\n<p>IMAGE: CATHRYN VIRGINIA\/MOTHERBOARD<\/p>\n\n\n\n<p>Hackers in the Middle East have reportedly been trying to hack critical infrastructure companies, sometimes using booby-trapped spreadsheets that appeared to contain the uber-popular \u201cworst passwords\u201d list that we all love to laugh at.<\/p>\n\n\n\n<p>In the words of&nbsp;<a href=\"https:\/\/www.youtube.com\/watch?v=Jne9t8sHpUc\" target=\"_blank\" rel=\"noreferrer noopener\">Alanis Morissette<\/a>: isn\u2019t it ironic, don\u2019t you think?<\/p>\n\n\n\n<p>Cybersecurity firm Dell Secureworks&nbsp;<a href=\"https:\/\/www.secureworks.com\/blog\/lyceum-takes-center-stage-in-middle-east-campaign\" target=\"_blank\" rel=\"noreferrer noopener\">detailed an espionage campaign<\/a>&nbsp;focused on targets in the Middle East from May of this year in a blog post earlier this week. 
In this case, security researchers said they didn\u2019t have enough evidence to point the finger at any known hacking group, but said the hackers may be associated with APT33 or APT34, which are believed to be groups working for the Iranian government.<\/p>\n\n\n\n<p>The hackers in this campaign used techniques such as&nbsp;<a href=\"https:\/\/www.ncsc.gov.uk\/blog-post\/spray-you-spray-me-defending-against-password-spraying-attacks\" target=\"_blank\" rel=\"noreferrer noopener\">password-spraying<\/a>\u2014when hackers try a list of common passwords hoping to guess the right one\u2014and brute forcing to hack into victims\u2019 accounts. They then use the hacked accounts to send phishing emails with malicious attachments to other people in the hacked organization, according to Secureworks.<\/p>\n\n\n\n<p>In one case in 2018, the hackers used a spreadsheet that appeared to contain security tips, which told people to use an anti-virus and strong passwords. 
Another infected spreadsheet contained a list of \u201cThe Worst 25 Passwords of 2017,\u201d as well as embedded malware, according to Secureworks.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/video-images.vice.com\/_uncategorized\/1567091312990-worst-passwords.png\" alt=\"worst-passwords\" \/><\/figure>\n\n\n\n<p>\u201cIt\u2019s a brilliant piece of social engineering that takes advantage of one of security professionals\u2019 worst tendencies: to gloat over security failures,\u201d Wendy Nather, the head of advisory chief information security officers at cybersecurity firm Duo, said in an online chat.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>IMAGE: CATHRYN VIRGINIA\/MOTHERBOARD Hackers in the Middle East have reportedly been trying to hack critical infrastructure companies, sometimes using booby-trapped spreadsheets that appeared to contain the uber-popular \u201cworst passwords\u201d list that we all love to laugh at. In the words of&nbsp;Alanis Morissette: isn\u2019t it ironic, don\u2019t you think? 
Cybersecurity firm Dell Secureworks&nbsp;detailed an espionage campaign&nbsp;focused [&hellip;]<\/p>\n","protected":false},"author":14428,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"off","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[10,3],"tags":[],"class_list":["post-1484","post","type-post","status-publish","format-standard","hentry","category-gallery","category-news"],"_links":{"self":[{"href":"https:\/\/people.utm.my\/azhari\/wp-json\/wp\/v2\/posts\/1484","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/people.utm.my\/azhari\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/people.utm.my\/azhari\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/people.utm.my\/azhari\/wp-json\/wp\/v2\/users\/14428"}],"replies":[{"embeddable":true,"href":"https:\/\/people.utm.my\/azhari\/wp-json\/wp\/v2\/comments?post=1484"}],"version-history":[{"count":1,"href":"https:\/\/people.utm.my\/azhari\/wp-json\/wp\/v2\/posts\/1484\/revisions"}],"predecessor-version":[{"id":1486,"href":"https:\/\/people.utm.my\/azhari\/wp-json\/wp\/v2\/posts\/1484\/revisions\/1486"}],"wp:attachment":[{"href":"https:\/\/people.utm.my\/azhari\/wp-json\/wp\/v2\/media?parent=1484"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/people.utm.my\/azhari\/wp-json\/wp\/v2\/categories?post=1484"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/people.utm.my\/azhari\/wp-json\/wp\/v2\/tags?post=1484"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}