Re: If it did not have 2FA or certs it was asking to be hacked
Same here although I wonder at the intelligence of some of the script writers. A quick check shows attempts to log in to my server using the user names:
xdfrieortu
cbmoiwueu
xbvwtywefo
pjkiuyl
qwkoud
..before my server put the source IP address on the naughty step.
You may be looking at someone trying to see if you have ALREADY been hacked. The fun thing about hackers is that they also compete for resources, and that list may be a set of defaults set up by ANOTHER breach attempt that is maybe based on a zero day, or a reverse engineering of a recently revealed MS patch.
You don't need many systems online to see that there's all sorts of filth roaming the Net trying to steal your facilities or breach them. This is why the guys from Parliamentary Digital Services will face a bit of a grilling - if you run a State service it stands to reason you're up against competing State actors. That demands effort, so I hope it's down to resource shortage rather than the sort of beginners' mistakes I've come across.
Biting the hand that feeds IT
