Friday, May 23, 2025

Deepfaking of Some Senior US Government Officials


Do you think AI-powered smishing and vishing are far off? Then think again. (Smishing uses text messages to trick users; vishing relies on voice calls to do the same.)


Today, these social engineering tactics might seem low-level, but developments in AI technology are rapidly changing that. With tools that can generate natural-sounding text and mimic real voices, attacks are getting more sophisticated and convincing. What is now a minor risk could soon escalate into a widespread and highly effective threat.


The FBI has warned that fraudsters are impersonating "senior US officials" using deepfakes as part of a major fraud campaign.


According to the agency, the campaign has been running since April and most of the messages target former and current US government officials. The attackers are after login details for official accounts, which they then use to compromise other government systems and try to harvest financial account information.


https://bit.ly/4ks5Jff


Headlines:

"'AI-generated content has advanced to the point that it is often difficult to identify,' the FBI advised. 'When in doubt about the authenticity of someone wishing to communicate with you, contact your relevant security officials or the FBI for help.'"


"Attackers have used this approach for over five years. The technology needed to run such attacks is so commonplace and cheap that it's an easy attack vector. Deepfake videos have been around for a similar period, although they were initially much harder and more expensive to do convincingly."

Friday, May 9, 2025

Over 19 Billion 'Lazy' Passwords Have Been Leaked

Do you think that you have strong passwords? Are you sure about it?

A new study examined more than 200 data breaches between April 2024 and 2025 and found 19,030,305,929 newly exposed passwords: more than twice the population of the whole world.


An interesting analysis to read in order to understand the password behavior of human beings, and perhaps to reconsider our own passwords.


https://bit.ly/3F4HVOR


Headlines:


"...Lazy keyboard patterns, such as 123456, still reign supreme, and 94% of passwords are reused or duplicated, data leaks from 2024-2025 reveal. Names like Ana rank as the second most popular component."


"'We’re facing a widespread epidemic of weak password reuse. Only 6% of passwords are unique, leaving other users highly vulnerable to dictionary attacks...'"


"Key takeaways

- Most people use 8–10 character passwords (42%), with eight being the most popular.

- Almost a third (27%) of the passwords analyzed consist of only lowercase letters and digits.

- Passwords composed of profane or offensive words might seem rare, but they're actually very common in practice.

- Despite years of being called out, default and 'lazy' passwords like 'password', 'admin', and '123456' are still a common pattern."


"The analyzed dataset contains exposed credentials from leaks or breaches that happened in a 12 month period starting with April 2024.


The data included leaked databases, combolists, and stealer logs originating from around 200 cybersecurity incidents. Only data that became publicly available was analyzed.


The leaks exposed a total of 19,030,305,929 (19 billion) passwords. Only 1,143,815,266 (6%) (1 billion) of passwords were identified as unique."


"It’s no surprise that you’ll find '1234' in almost 4% of all passwords – over 727 million passwords use this sequence. Extending it by two additional numbers, to '123456', leaves 338 million passwords using it. 'Password' and '123456' have been the most popular passwords at least since 2011."


"Many systems originally provide these defaults, such as routers with 'admin/admin' or phones with 1234 PINs. Users either never change them or even recycle these passwords elsewhere themselves."


"'Many users choose a name as part of their password. We cross-referenced the dataset with the 100 most popular names of 2025 and found that there’s a whopping 8% chance for them to be included as part of a password,' the researcher explains.


Ana was the most popular, used in almost 1%, or 178.8M passwords. This short component naturally appears in many other common words, such as 'banana' (used in 3.7M passwords).


Many users opt for passwords inspired by positive, uplifting concepts. Words like love (87M), sun (34M), dream (6.1M), joy (6.9M), and freedom (2M) dominate the positive wordlist.


Some of the most frequently used pop culture terms in passwords include Mario (9.6M), Joker (3.1M), Batman (3.9M), Thor (6.2M), and, surprisingly, Elsa (2.9M) from Disney’s 'Frozen'.


'Positive associations, admired characters, and nostalgia make people feel familiar and are easy to recall. However, popularity becomes predictability, exploited by attackers,' the researcher explains.


Swear words are also very common in passwords. The top entry, ass (165M), can be partly explained by the use of 'pass' or 'password'. However, users often craft their passwords using fuck (16M), shit (6.5M), dick (3.2M), and bitch (3.2M)."


"Other top-most frequently used words in passwords include countries, cities, US states, food, popular brands, nature, animals, or even seasons or months.


The most popular city for passwords is Rome (13M), while 9.8M passwords include lion and 7.8M – fox. Summer (3.8M) is the most popular season, and users seem to prefer Monday (0.8M) the most to protect their accounts."
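As an added example (not from the post or the study it quotes), here is a small Python audit that flags the "lazy" patterns the study calls out (default passwords, the 1234 sequence, the 8-10 character bucket, lowercase-plus-digits composition, popular name and word components) and computes the same aggregate metrics the study reports over a constructed sample. The name list beyond "Ana" and the sample passwords are constructed for illustration; the word list is taken from the figures quoted above.

```python
import re
from collections import Counter

# Word lists below are illustrative: the names beyond "ana" are constructed,
# the common words are the ones quoted from the study in the post.
DEFAULTS = {"password", "admin", "123456", "1234"}
POPULAR_NAMES = ("ana", "maria", "john", "alex")             # constructed sample
COMMON_WORDS = ("love", "sun", "dream", "joy", "freedom",    # from the post
                "mario", "joker", "batman", "thor", "elsa",
                "rome", "lion", "fox", "summer", "monday")
LOWER_DIGITS = re.compile(r"[a-z0-9]+")


def audit_password(pw: str) -> list[str]:
    """Return the study's 'lazy' patterns that this password exhibits."""
    low = pw.lower()
    findings = []
    if low in DEFAULTS:
        findings.append("default/lazy password")
    if "1234" in low:
        findings.append("keyboard sequence 1234")
    if 8 <= len(pw) <= 10:
        findings.append("length in the common 8-10 bucket")
    if LOWER_DIGITS.fullmatch(pw):
        findings.append("lowercase letters and digits only")
    # Substring match on purpose: the study counts 'ana' inside 'banana' too.
    findings += [f"contains popular name '{n}'" for n in POPULAR_NAMES if n in low]
    findings += [f"contains common word '{w}'" for w in COMMON_WORDS if w in low]
    return findings


def summarize(passwords: list[str]) -> dict:
    """Aggregate metrics in the shape the study reports them (percent of total)."""
    n = len(passwords)
    pct = lambda k: round(100 * k / n, 1)
    distinct = len(Counter(passwords))  # study's 'unique' = distinct / total
    return {
        "total": n,
        "unique_pct": pct(distinct),
        "len_8_10_pct": pct(sum(8 <= len(p) <= 10 for p in passwords)),
        "lower_digit_only_pct": pct(sum(bool(LOWER_DIGITS.fullmatch(p)) for p in passwords)),
        "flagged_pct": pct(sum(bool(audit_password(p)) for p in passwords)),
    }


# Constructed sample, including one reused password (the duplicate "123456").
SAMPLE = ["123456", "password", "admin", "banana99", "Summer2024",
          "Xk7#pQ2!vL9@", "123456", "iloveyou"]

if __name__ == "__main__":
    for p in SAMPLE:
        print(p, "->", audit_password(p) or "no lazy pattern found")
    print(summarize(SAMPLE))
```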