The Communications Authority of Kenya recently released their Q1 2018 Sector Statistics Report and it has some interesting tidbits.
First is the section about the National Cyber Threat Landscape. The National KE-CIRT/CC detected over 7.9 million cyber threats, which was a 25% drop compared to the previous quarter.
The most interesting tidbit under the various list of cyber threats detected is the rise of online abuse in the time frame the data was collected. According to CA, online abuse has increased by 1155% compared to last quarter (1757 cases vs 140) which is quite significant.
During this quarter, the National KE-CIRT/CC validated and escalated 3,488 cases, of which online abuse took the lions share (1737 cases) up from 99 last quarter. This was a 1654.5% increase. According to them, online abuse means ‘online fraud, hate speech, incitement to violence and fake news.
he report also revealed the top most targeted service ports when unscrupulous identities targeted file sharing, web services or voice over IP (VoIP) applications. This includes:
- Port 445 which is Microsoft Directory Services that is used for sharing files in Windows
- Port 80 (HTTP)
- Port 5060 (Session Initiation Protocol) that is used for signaling and controlling multimedia sessions like VoIP and Chat
- Port 22 (Secure Shell) that is used for securely connecting to remote machines on the same or different network
- Port 23 (Telnet) that allows a user on one computer to log onto another computer on the same or different network.
The other bit of news is about the common username and passwords used in brute force attacks. It is surprising such basic passwords and usernames are being used by a majority of software and hardware vendors
Here are the top usernames and passwords and their total number of instances.
- root (2011)
- user (1141)
- usuario (81)
- test (51)
- guest (46)
- ftpuser (40)
- support (31)
- postfix (26)
- postgres (25)
- hadoop (20)
- admin (209)
- 1234 (165)
- password (197)
- 12345 (143)
- Root (97)
- Ubnt (102)
- 123456 (138)
- default (99)
- 0000 (102)
- admin123 (73)