Top 10 Passwords Used to Hijack IoT Devices Are as Stupid as You Think They Are

Solarquest

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
IoT malware and IoT botnets are becoming a real problem


Malware targeting Internet of Things (IoT) devices is becoming more and more prevalent, with new families discovered every month, all working in the same way.

IoT malware, usually targeting various Linux flavors used to power these devices, is rarely a danger to the people or companies behind these devices, but everyone else.

All IoT malware discovered in the past two years has been seen doing the same thing. The infection starts with a crook or automated service employing brute-force attacks, trying to guess the IoT device's admin password by trying thousands of username-password combinations.

Default device passwords help IoT botnets grow
If users haven't changed their device's default credentials, then crooks usually get access to the device after a few seconds. At this point, the malware alters the device by adding special code to communicate with one of its command and control servers, ensnaring it into a worldwide botnet, mainly used to execute DDoS attacks, relay proxy traffic for crooks, and brute-force other IoT devices.

In August, Kaspersky discovered that Linux-based botnets had become the most popular DDoS botnets on the market.

Only in targeted attacks, you'll see someone use an IoT device as a pivot point inside a network, but generally, in the vast majority of cases, IoT devices are used as bots for DDoS attacks.

All of this is simplified by device owners that don't secure their devices with custom passwords. According to Symantec, the table below shows the most encountered passwords in IoT devices around the world.


Read more: http://news.softpedia.com/news/top-...you-think-they-are-508588.shtml#ixzz4L6KRzQml
http://news.softpedia.com/news/top-...you-think-they-are-508588.shtml#ixzz4L6KRzQml
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top