Sentinel View report – October 2023

An interesting dynamic is playing out at the top of the attackers’ chart. First of all, Iranian attacks were overshadowed by those from other countries to the degree that we no longer see them in the higher positions. The current top four most significant are Romania, Germany, Bulgaria, and the Netherlands. Consistent attacks from Germany came into prominence around the 4th of October, slowly started to disappear on the 16th, and dissolved completely on the 18th of October. The graph line for German attacks looks very stable and consistent. Romania’s malicious activity, on the other hand, which took the top of the charts, looks erratic and unorganized in the graph, to the degree that the Sentinel View graphs in the Incidents section, except for Top countries by recorded incidents, are rendered almost useless.

The count of incidents for the most-used password from the previous month, 1234562, had been 47 031 867. If we compare it to this month’s winning password, we see that the number is smaller by half, at 21 329 701 records. The most active attacker that used any password last month used a German IP address and rotated passwords on a daily basis. And we mean that literally: the attacker picked one password, used it the whole day everywhere possible, and only then moved to the next one the following day. The attacker from Romania does the same, yet we see no connection between the two. Another interesting point is that there are a lot of SMTP minipot attacks with empty passwords.
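The daily rotation pattern and the empty-password SMTP attempts described above can both be picked out of honeypot login records. The following is an added example, not Sentinel's own code: the record layout (timestamp, source IP, minipot, password), the thresholds, and all sample data are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime

def make_sample():
    """Constructed records (not real Sentinel data): (timestamp, source IP, minipot, password)."""
    rows = []
    # Source A: one password per day, reused across every minipot, changed the next day
    for day, pw in zip((4, 5, 6), ("pw-day1", "pw-day2", "pw-day3")):
        for hour, svc in enumerate(("ftp", "telnet", "smtp", "http")):
            rows.append((f"2023-10-{day:02d}T{hour:02d}:00:00", "192.0.2.10", svc, pw))
    # Source B: ordinary dictionary run, many passwords within each day
    for day in (4, 5, 6):
        for minute, pw in enumerate(("a1", "b2", "c3", "d4")):
            rows.append((f"2023-10-{day:02d}T10:{minute:02d}:00", "198.51.100.7", "telnet", pw))
    # Source C: SMTP logins with an empty password
    for minute in range(3):
        rows.append((f"2023-10-05T12:{minute:02d}:00", "203.0.113.5", "smtp", ""))
    return rows

def daily_rotators(records, min_days=3, min_attempts=2, dominance=0.9):
    """Return {ip: [(date, password), ...]} for sources with one dominant
    password per active day that changes on each consecutive active day."""
    per_day = defaultdict(lambda: defaultdict(Counter))
    for ts, ip, _svc, pw in records:
        per_day[ip][datetime.fromisoformat(ts).date()][pw] += 1
    flagged = {}
    for ip, days in per_day.items():
        seq = []
        for day in sorted(days):
            total = sum(days[day].values())
            top_pw, top_n = days[day].most_common(1)[0]
            if total < min_attempts or top_n / total < dominance:
                break  # this day is not a single-password day
            seq.append((day, top_pw))
        else:
            # every active day qualified; require enough days and a change each day
            if len(seq) >= min_days and all(a[1] != b[1] for a, b in zip(seq, seq[1:])):
                flagged[ip] = seq
    return flagged

def empty_password_share(records, service="smtp"):
    """Fraction of attempts against one minipot that carried an empty password."""
    pws = [pw for _ts, _ip, svc, pw in records if svc == service]
    return sum(pw == "" for pw in pws) / len(pws) if pws else 0.0

if __name__ == "__main__":
    sample = make_sample()
    print(daily_rotators(sample), empty_password_share(sample))
```

Comparing the flagged password sequences of two sources day by day is one way to check whether two rotating attackers share a wordlist.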


