Cybersecurity Updates

Top 25 passwords leaked online in 2018

SkOUT Secure Intelligence has released the top 25 passwords that were leaked online in 2018.

The top 25 included perennial favorites such as ‘123456’ and “password” at number one and two places, respectively, as the most common. This was followed by ‘123456789’, ‘12345678’ and ‘12345’, rounding out the top five. The list also included other obvious passwords such as “admin” and “qwerty.” New entrants to the top 25 obvious passwords include the “Princess” and “Donald”, which SkOUT says is a reference to President Donald Trump.

The 25 most commonly used passwords of 2018:

“A good password is the first line of defense between your data and an attacker, so it is vitally important that you make password security a priority in your personal and business life,” said SkOUT chief technology officer Jessvin Thomas. “If you are guilty of reusing, rotating, or using notoriously weak passwords, you are making yourself or your business an easy target for attackers.”

Sources: Security Magazine and NCU-ISAO Daily Advisory

Russian hacker accused of creating NeverQuest malware pleads guilty

Stanislav Lisov, a Russian hacker accused of creating banking malware used to steal $885,000, pleaded guilty to one count of conspiracy to commit computer hacking in the U.S. Southern District Court of New York Friday.

Lisov created the NeverQuest banking malware that was used against hundreds of financial institutions. Lisov was facing 35 years in prison when he was extradited to the U.S. from Spain after being apprehended in Barcelona in 2017. Lisov faces a maximum of five years in prison under the terms of his plea deal, according to his lawyer.

NeverQuest first was discovered in 2014 and quickly picked up by organized cybercriminal groups. The malware would infect specific banking and investment banking customers then alert its operator to where it arrived. Attackers then would funnel cash from one hacked account into others, laundering the funds through a number of accounts under their control to disguise their location, according to Kaspersky.

Sources: Cyberscoop and NCU-ISAO Daily Advisory

Keep your technology systems secure with IT Consulting Services

Designed as a service to help credit unions stay up-to-date on security issues, Credit Union Resources provides technical experts, who provide guidance on cybersecurity, network vulnerability, and compliance, share best practices, and perform risk assessments to keep credit unions up-to-date with security issues.

Idrees Rafiq, Jr., vice president of IT consulting with Credit Union Resources' Financial and Technology Resources division, addresses IT and security-related issues with compliance, marketing, vendor management, business continuity, and other business operations for credit unions ranging from $2 million to more than $2.5 billion.

“Because cybersecurity concerns change all the time, it’s critical that credit union IT professionals—or those acting as such—be more vigilant than ever," Rafiq said. "Hackers and fraudsters create new threats every day, and unfortunately, many businesses don't realize the magnitude of a new threat until it has already hit them. That's when they call us, but by then, considerable damage has more than likely occurred."

Rafiq recommends a more proactive approach that includes getting regular risk assessments performed by a team of professionals like Credit Union Resources. For more information, contact:

Idrees Rafiq
469-385-6799
800-442-5762, ext. 6799
irafiq@curesources.coop

About Credit Union Resources, Inc.
Credit Union Resources is a service corporation that provides industry-leading solutions and expertise to credit unions across the country. Credit Union Resources is a wholly owned subsidiary of the Cornerstone Credit Union League, a regional trade association representing the interests of credit unions in Arkansas, Oklahoma, and Texas.