One Weak Password lost 700 Jobs

Cybersecurity might seem like a complex topic, but sometimes, the biggest threats stem from the simplest oversights. Imagine a single weak password causing a successful, long-standing company to collapse and hundreds of people to lose their livelihoods. This isn’t a hypothetical scenario; it’s a stark reality recently highlighted by the British Broadcasting Corporation (BBC).

The Devastating Story of KNP

The BBC recently brought to light the devastating story of KNP, a 158-year-old Northamptonshire transport company. This company, which ran 500 lorries under the brand name Knights of Old, was destroyed by a ransomware gang known as Akira.

According to the BBC’s report, the hackers managed to gain entry to KNP’s computer system by guessing an employee’s password. Once inside, they encrypted the company’s data, locking its internal systems and demanding a ransom, which was estimated to be as much as £5 million. KNP couldn’t pay, leading to the loss of all their data, the company going under, and 700 people losing their jobs.

This serves as a chilling reminder that even companies whose IT systems complied with industry standards and that had cyber-attack insurance can fall victim to such a seemingly small vulnerability. The BBC report underscored that while big names like M&S, Co-op, and Harrods have also been attacked, KNP’s case illustrates the ultimate, tragic consequence of such a breach. The National Cyber Security Centre (NCSC) even states that they deal with a major attack every day, and hacking is on the rise because it’s such a lucrative crime.

Why Weak Passwords Are Still a Serious Risk

The KNP tragedy isn’t an isolated incident, but rather a severe example of a widespread problem: weak passwords remain a critical risk factor. Cybersecurity experts, like those at the National Cyber Security Centre (NCSC) and the National Crime Agency (NCA), continually warn about this growing threat, with incidents almost doubling in the last two years.

Here’s why this seemingly simple issue is so dangerous:

  • Easy Entry: Many attackers don’t need sophisticated hacking skills; they just look for weak links and take advantage of “a bad day” for an organization. Using default or easily guessable passwords is like leaving your front door key under the mat for anyone to find.
  • Common Knowledge: Passwords like “admin:admin” are widely known and can allow anyone nearby, or even online, to access critical settings without much effort.
  • Automated Exploitation: Devices with unchanged default credentials can be quickly exploited by automated tools.
  • High Severity: Such vulnerabilities are often flagged as High severity with a CVSS score of 9.8, which is considered “as critical as it gets”. This type of vulnerability is even listed on CISA’s Known Exploited Vulnerabilities (KEV) list, meaning bad actors are actively using it.
  • Insider Data: Shockingly, research from Outpost24’s KrakenLabs team revealed that IT administrators, who are responsible for system security, often use weak and predictable passwords themselves. Their analysis of over 1.8 million passwords showed ‘admin’ as the most popular, and many of the top 20 administrator passwords were simple, static, or default choices like “123456”, “Password”, or “root”. This exposes privileged user accounts to easy compromise.
  • Malware Exploitation: Password-stealing malware, spread through methods like fraudulent YouTube videos or Google ads, can quietly collect login information from web browsers, FTP clients, and mail accounts. This stolen data can then be sold on marketplaces for credential stuffing attacks. Even without sophisticated malware, simple password-guessing attacks can succeed due to common weak choices.

A Recent Finding: Default Admin Credentials Still Prevalent

One of our recent Network Scans provided another clear example of this ongoing risk. Our client, “Mango Otter,” a technology thought leader, still had factory-set admin credentials on their Linksys router.

Specifically, the router was accessible using the default login “admin/admin” over port 80 (HTTP). This was immediately flagged as a High severity issue with a CVSS score of 9.8, because it allowed potential intruders to access the router’s settings easily. Attackers could use this to access private network information, change DNS or firewall settings, or even install malicious firmware to take over the device. Once notified, Mango Otter swiftly changed the default admin password to a strong, randomly generated one, eliminating this easy entry point. This finding underscores that despite new legislation banning default passwords in some areas, they are “still widely used”.
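The kind of credential audit described above can be run offline against an exported device inventory. The following is an added example, not code from the original post or from the scan tooling it describes; the inventory rows, device names, the 14-character minimum and the short denylist are constructed assumptions for illustration.

```python
import secrets
import string

# Weak choices named in this article; a real denylist would be much longer.
WEAK_PASSWORDS = {"admin", "123456", "password", "root"}

# Constructed inventory rows: (device, username, password, management port).
INVENTORY = [
    ("edge-router", "admin", "admin", 80),
    ("nas-01", "root", "Password", 443),
    ("switch-02", "netops", "x7#Qm2!vLp9@Zr4tB", 443),
]

def findings_for(username, password, port):
    """Return the list of audit findings for one management login."""
    found = []
    if password.lower() == username.lower():
        found.append("password equals username")
    if password.lower() in WEAK_PASSWORDS:
        found.append("password on weak/default denylist")
    if len(password) < 14:  # assumed minimum length, not from the article
        found.append("password shorter than 14 characters")
    if port == 80:
        found.append("management interface served over plain HTTP")
    return found

def generate_password(length=20):
    """Random password from the OS CSPRNG with all four character classes."""
    alphabet = string.ascii_letters + string.digits + "!#$%*+-=?@_"
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in candidate)
                and any(c.isupper() for c in candidate)
                and any(c.isdigit() for c in candidate)
                and any(not c.isalnum() for c in candidate)):
            return candidate

def audit(inventory):
    """Map each device with at least one finding to its findings."""
    report = {}
    for device, username, password, port in inventory:
        found = findings_for(username, password, port)
        if found:
            report[device] = found
    return report

if __name__ == "__main__":
    for device, found in audit(INVENTORY).items():
        print(f"{device}: {'; '.join(found)}")
        print(f"  suggested replacement: {generate_password()}")
```

Generated replacements belong in a password manager or secrets vault, not back in the inventory file.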

The stories of KNP and Mango Otter serve as powerful reminders: never underestimate the power of a strong password. Always change factory-set passwords on all your devices, whether it’s your home router or critical business systems. Getting help to audit your credentials regularly can pay off immensely, especially for “legacy hardware or anything installed ‘out of the box’ without changes”. As the NCSC’s CEO Richard Horne emphasizes, companies need to “step-up and improve their cybersecurity” and “think about cyber-security in all the decisions they make”. Just as you wouldn’t leave your physical doors unlocked for a burglar, don’t leave your digital doors vulnerable with weak or default passwords.

References:
https://www.bbc.com/news/articles/cx2gx28815wo
https://outpost24.com/blog/it-admins-weak-password-use/