A new study conducted by a european security company has revealed which passwords cybercriminals try first when trying to hack networks and devices. F-Secure Corporation set up a series of decoy servers — also known as “honeypots” — to monitor hackers’ attack strategies. They noted a significant increase in traffic to these servers in the second half of 2019; the majority of which came from cybercriminals scanning the internet for poorly protected devices.
The main protocols targeted via these scans were SMB and Telnet. SMB port 445 was most commonly used to carry out attacks, suggesting that hackers are still using SMB worms and the EternalBlue exploit via trojans like Trickbot. Telnet was also popular, indicating a rise in attacks on IoT devices.
Once attackers identified a protocol vulnerability, they would often attempt to brute-force the login details in order to gain access. Researchers found that hackers began with a list of common “bad” passwords; including “admin”, “default”, “password”, “root” and “12345”. They also tried the factory default login details for a variety of IoT devices. According to the UK National Cyber Security Centre (NCSC), the password “123456” was found 23 million times during data breaches.
The study is concerning; not only because it reveals ongoing Microsoft OS vulnerabilities but because it suggests a large-scale lack of awareness in regard to password security. Although the UK recently advised that IoT device passwords should be unique and not resettable to default factory settings, this has not yet stemmed the flow of attacks on these endpoints. Once hackers access IoT devices, they can convert them into bots used for further attacks, such as DDoS.
The coronavirus pandemic has exacerbated the risk of cyberattacks due to the huge number of people working from home on unsecured endpoint devices. If you’re concerned about data breaches, Soteria can help. Not only do we offer a range of IoT security solutions but we also provide comprehensive cyber awareness courses that teach personnel how to create strong passwords, identify potential cyberattacks and mitigate the risks of working from home.
Get in touch with us today for further information.