October 27, 2021

Volume XI, Number 300

Advertisement
Advertisement

October 27, 2021

Subscribe to Latest Legal News and Analysis

October 26, 2021

Subscribe to Latest Legal News and Analysis

October 25, 2021

Subscribe to Latest Legal News and Analysis

Passwords Used by Iranian-Backed Hackers Against Defense Contractors

When you are educating your employees about the importance of maintaining a complex password or passphrase, share this story to show why it is so important and to emphasize not to use same or similar passphrases across multiple platforms. It is not just a matter of getting into the company’s systems, but also one of national security.

This week, Microsoft shared research “that it is likely” that Iranian-backed hackers launched attacks against more than 250 U.S. and Israeli defense contractors and global maritime companies through Office 365 accounts, and were successful 20 times.

The Iranian-backed hackers used a “password spraying” techniques, that is, rapidly spraying the account with compromised passwords to see if one will work. It is disappointing to see how often this technique works to access an account. The reason why it works is because employees are using the same password across different platforms, which the hackers know, and when a password is compromised and sold on the dark web, they know where and when to use it, with devastating consequences.

Microsoft predicts that Iran and its hackers will continue this activity, particularly against defense contractors and the shipping and maritime industries.

Educate your employees on how important their passphrases are to company data and national security as foreign adversaries are using these easy techniques to gain valuable company data as well as data important to national security.

Copyright © 2021 Robinson & Cole LLP. All rights reserved.National Law Review, Volume XI, Number 287
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence
Partner

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...

401-709-3353
Advertisement
Advertisement
Advertisement