The Danger of Weak Passwords: UK Trucking Firm Attacked and Permanently Shut Down

• Discover how a single weak password led to a UK trucking firm's permanent shutdown by a ransomware attack, highlighting the critical link between passwords and enterprise cybersecurity.
• Learn actionable strategies for creating strong passwords and implementing broader cybersecurity measures to protect your organization against ransomware and other threats.
• Explore how Trustwave's comprehensive approach, from ransomware readiness to advanced threat detection, helps organizations strengthen passwords and overall cybersecurity posture.

A threat actor once again proved the importance of enforcing strict password management practices by torpedoing a 158-year-old UK transportation company by hacking a password and then effectively shutting it down with ransomware.

According to published reports, the threat group Akira gained access to KNP's system in June when it was able to determine a single employee's password. Once access was gained, Akira injected ransomware, which shut down the network and encrypted access to its files and backups. Akira then demanded an estimated £5 million ransom, but this amount was beyond KNP's ability to pay, so it opted to shut down instead.

About 700 people are now out of work.

This attack reinforces the need for strong passwords and for organizations to frequently check to ensure their staffers are abiding by the rules.

How to Build a Strong Password

Trustwave's Jason Whyte, General Manager for the Pacific, recently noted that passwords are inherently vulnerable, but strengthening them can contribute to a robust security posture. At an organizational level, it's essential that strong password policies be provided to employees with clear instructions on password length, complexity, and expiration guidelines.

Trustwave researchers warn that an eight-character password can be cracked in under a day, and sometimes much faster, using brute-force techniques. Simply increasing the length to 10 characters can extend that brute force timeline to potentially hundreds of years. Adding length and complexity, such as uppercase and lowercase letters, numbers, and symbols, goes even further.

Of course, remembering something like "dlkjskljfo8w!$^@@" isn't easy. That's why passphrases are a smart choice. Think of a line from your favorite song, a historical quote, or even something you say to your kids, like: "Broccoliisgoodforyou".

Whyte suggests using technology to make this task easier. Complex passwords can be difficult to remember, especially when they need to be changed frequently, every 60-90 days is recommended. The solution is a password manager, which generates unique passwords for every account and securely encrypts them. This minimizes the risk of using weak or repeated passwords and ensures that employees only need to remember one strong master password.

Not sure if your password or passphrase is strong enough? Free tools like Have I Been Pwned and other password strength checkers can estimate how long it would take to crack a password. For example, a complex passphrase like the one above could take centuries to break.

Trustwave's Comprehensive Approach

Trustwave employs a multi-faceted approach to identify and address weak passwords:

1. Ransomware Readiness Assessments – Trustwave experts review email security, identify security gaps, backup, recovery, and inherent risks to an organization.
2. Advanced Threat Detection: Utilizing sophisticated algorithms and machine learning, Trustwave's systems can detect unusual login patterns and potential brute force attacks in real-time. This proactive approach helps in identifying compromised credentials before they can be exploited.
3. Implementation of Best Practices: Trustwave assists organizations to implement best practices for password management. This includes enforcing policies on password length, complexity, and expiration, as well as integrating multifactor authentication (MFA) to add an extra layer of security.
4. Continuous Monitoring and Support: Trustwave Managed Security Services and Managed Detection and Response solutions provide ongoing monitoring and support to ensure that password policies are adhered to and that any potential vulnerabilities are promptly addressed.

By leveraging Trustwave's cybersecurity services, organizations can significantly reduce the risk of breaches caused by weak passwords. The benefits include:

• Enhanced Security Posture: Stronger passwords and proactive threat detection contribute to a more robust security framework.
• Reduced Risk of Data Breaches: Identifying and addressing weak passwords before they are exploited helps prevent unauthorized access to sensitive information.
• Improved Employee Awareness: Training programs ensure that employees understand the importance of strong password practices and are equipped to implement them.
• Compliance with Regulations: Adhering to best practices for password management helps organizations meet regulatory requirements and avoid potential fines. Multifactor authentication is a core requirement of most cybersecurity regulations these days.

Trustwave's comprehensive cybersecurity services play a crucial role in identifying and mitigating the risks associated with weak passwords. By implementing strong password policies, conducting regular audits, and providing continuous support, Trustwave helps organizations stay one step ahead of cyber threats.