IoT Bot Landscape Expands, Attacks Vary by Country

New report finds 1,005 new user names and passwords beyond Mirai’s original default list two years ago.

Steve Zurier, Contributing Writer, Dark Reading

October 23, 2018

2 Min Read
Dark Reading logo in a gray background | Dark Reading

Roughly two years after the Mirai Internet of Things (IoT) bot took down the Internet for much of the eastern United States and parts of Europe, Netscout security researchers have found that the bot landscape has expanded considerably.

By setting honeypots across North America, South America, Europe, and Asia, researchers observed nearly 200,000 brute-force attacks from Sept. 1 through Sept. 30, according to Matt Bing, a security research analyst at Netscout. The team found 1,005 additional user name and password combinations beyond Mirai's original default list of 60.

"A lot of what we were trying to do is find out what has changed from the original Mirai source code from the fall of 2016 and how it has expanded," Bing explained in a blog post today. "We found they were looking to attack new and different types of IoT devices, such as webcams and travel routers. The first Mirai attacks focused on DVRs."

Bing said the researchers also found trends specific to certain regions. For example, "root/20080826" was found in Russia on a travel router widely used there, while "telecomadmin/admintelecom" was prevalent in China, where that user name and password combo is found on widely used Huawei routers.

"We also found that when bots using specific manufacturer default passwords would infect devices, they would launch attacks from those compromised devices," Bing said.

Given this new information, Bing advised security pros to keep their IoT devices up to date and behind a firewall. Home users should place their IoT devices behind a home router.

"We'd also suggest companies use honeypots to understand the landscape and gain insights into where these IoT attacks are headed," Bing said.

Related Content:

 

 

Black Hat Europe returns to London Dec 3-6 2018  with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

About the Author

Steve Zurier

Steve Zurier

Contributing Writer, Dark Reading

Steve Zurier has more than 30 years of journalism and publishing experience and has covered networking, security, and IT as a writer and editor since 1992. Steve is based in Columbia, Md.

See more from Steve Zurier
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars
Events
More Events

Editor's Choice

Pegasus Spyware concept with binary code background
Endpoint Security
WhatsApp: NSO Group Operates Pegasus Spyware for CustomersWhatsApp: NSO Group Operates Pegasus Spyware for Customers
byJai Vijayan, Contributing Writer
Nov 18, 2024
4 Min Read
Laptop with Palo Alto networks logo
Cyberattacks & Data Breaches
Palo Alto Networks Patches Critical Zero-Day Firewall BugPalo Alto Networks Patches Critical Zero-Day Firewall Bug
byBecky Bracken, Senior Editor, Dark Reading
Nov 18, 2024
3 Min Read
ChatGPT, typed out on a screen
Сloud Security
ChatGPT Exposes Its Instructions, Knowledge & OS FilesChatGPT Exposes Its Instructions, Knowledge & OS Files
byNate Nelson, Contributing Writer
Nov 15, 2024
4 Min Read
Reports
More Reports
Webinars
More Webinars
White Papers
More Whitepapers
Events
More Events