Over half a million servers, IoT and home router Telnet credentials have been published by a hacker.
515,000 IP addresses, usernames and passwords for Telnet services, the application protocols used on the local area networks or the internet, were published on a popular hacking forum.
According to ZDNet, to do the attack, the hacker scanned the internet for devices that exposed a Telnet port. Once found, the identification access codes would then have been changed to the original factory-set default usernames and passwords. The hacker would have then guessed the easy to predict password and username combination.
These “bot-lists”, as they are known, are very common in Telnet hacking.
A continuous attack
Ekaterina Khrustaleva, COO of web security company ImmuniWeb, thinks that the attack is not a huge shock. She comments: “It’s likely all these devices have been present on many blacklists for a while already. Countless competing cyber gangs are continuously and enthusiastically scanning the Internet for weak, default or missing passwords on various IoT and network devices for over a decade. Therefore, many of these devices have been compromised months or even years ago.”
The predictability of a move like this acts as a prompt for the ever-growing need for cybersecurity.
“It’s a colorful reminder about the skyrocketing number of unprotected IoT and network devices that in a few years may become the main substance for DDoS botnets difficult to shut down. A comprehensive inventory of the devices, maintenance of firmware and restrictions around connecting from the Internet are the very fundamental precautions for all users who don’t want to give away their device to the attackers,’ Khrustaleva adds.