14 DAY TRIAL // During the past year, cyber-security firm Rapid7 collected data from strategically positioned honeypots that were made to look like office, point-of-sale (PoS), and kiosk payment systems that had their RDP port open.
Rapid7 says that, during the past 334 days, as part of the Project Heisenberg honeypot experiment, its servers collected 221,203 login attempts, coming from 5,076 IP addresses spread across 119 countries.
The hackers, in their attempts to brute-force their way into the exposed systems, tried to use 1,806 different usernames and 3,969 passwords.
Unbelievably, the most tried password was "x" (11,865 times), followed by "Zz" (10,591 times), and then by "St@rt123" (8,014 times). The other passwords in the top 10 list are "1," "P@ssw0rd," "bl4ck4ndwhite," "admin," "alex," "......." (seven dots), and "administrator."
Yes, there were over 4,000 hackers that thought the name Alex was somewhat more special than John or Lisa, and tried to see if it was the server's password.
Most illegal login attempts came from China
The same name obsession is found on the top 10 username list as well. The top three most tried-out usernames were "administrator" (77,125 times), "Administrator" (53,427 times), and "user1" (8,575 times). The rest of the top 10 is made up of "admin," "alex" (again), "pos," "demo," "db2admin," "Admin" and "sql."
Most of the login attempts came from China (88,227), followed by the US (54,977), and South Korea (13,182). The top 10 lineup is completed by the Netherlands, Vietnam, the UK, Taiwan, France, Germany, and Canada.
You can find more details and statistics in Rapid7's The Attacker’s Dictionary, Auditing Criminal Credential Attacks report.
