
Bots Infect Insecure IoT Device Every Two Minutes

Ionut ILASCU

September 12, 2017


Research and imagination paint a scary picture of security failures in internet-of-things devices. A recent experiment shows an even darker reality, though, where cyber-criminals persistently scan the web to access poorly protected connected devices. Successful attacks on a test gadget were as frequent as every two minutes and came mostly from IoT products already infected.

Johannes B Ullrich, dean of research at the SANS Technology Institute, ran the study with an older-model Anran digital video recorder (DVR) for security cameras, set up with the factory configuration. The default access password from the manufacturer is “xc3511,” which is present on multiple white-labeled DVRs and IP cameras and was used by the Mirai botnet a year ago to swell its army of compromised systems.

Many attackers expend little effort trying to compromise a device. Default credentials are publicly available and easy to find, and so are the tools that search the internet for vulnerable devices and access them in an automated way. This is a simple job, even for crooks with little skill.

The experiment lasted 45 hours and 42 minutes and logged attacks from 1,254 IP addresses that tried the “xc3511” password to access the device. Simple math shows that a successful compromise occurred every two minutes. Ullrich said many of the malware programs disabled telnet communication post-infection to foil competitors’ attacks. To keep the test running, the device rebooted every five minutes.

Much of the telnet scanning originated from infected internet-of-things devices in India, China and Brazil. According to Ullrich’s findings, some of the attacking gadgets ran the GoAhead embedded webserver, the Dahua DVR firmware or the DD-WRT firmware alternative for many routers and access points. High-profile manufacturers included TP-Link, AvTech, Synology, and D-Link.

“While I am calling the activity ‘Mirai,’ dozens of variants hit the DVR,” notes Ullrich, as multiple versions of this particular piece of malware have been created since the public release of the source code in late September last year. The code is easy to find and anyone with basic computer skills can create their own version.

This study shows devices facing the public internet with default credentials are sitting ducks, and cyber-criminals waste no time recruiting them into botnets to perpetrate malicious activity. As a minimal security precaution, users should change the default password from the manufacturer to a unique phrase.

Credit: anran-cctv.com
