As cyberattacks grow in sophistication and frequency, cybersecurity experts at the annual meeting of the World Economic Forum on Cybersecurity, which took place in November 2019, urged a better understanding of the risks to which any organization or even a country is exposed.
Over the years the risk factors have multiplied to an unimaginable level, which led security researchers to believe that 2020 will be dominated by major threats like ransomware attacks, attacks targeting IoT (Internet of Things) devices and phishing attacks. That prediction came true at the very beginning of January, when a hacker stole confidential information and then published a massive list of Telnet credentials for over 500,000 servers, home routers and IoT smart devices.
The cybercriminal shared the list on a popular hacking forum. The list includes each vulnerable device's IP address as well as the username and password for its Telnet service, a remote access protocol that can be used to control devices over the internet.
As reported by ZDNet, security experts and a statement from the hacker revealed that the leaked credential list was created after a full scan of the entire internet for devices that were exposing their Telnet port. It should be noted that the cybercriminal tried factory-set default usernames and passwords, or easy-to-guess password combinations.
Shared list of passwords
The list which the hacker created and then shared is a type of bot list. These types of lists are a common component of an IoT botnet operation. To create such a list, cybercriminals scan the internet; they later use the list to connect to the devices and install malware.
This is not the first time a list like this has been released: a list of 33,000 home router Telnet credentials was also leaked in August 2017. That list of credentials soon went viral on Twitter, as several high-profile security experts retweeted the link on the social media platform.
The list was shared by the operator of a DDoS booter service. As per the report, the hacker claimed that he upgraded the DDoS service to a new model that relies on renting high-output servers from cloud service providers. These newly leaked lists are dated from October to November 2019, so some of these devices might now run on a different IP address or use different credentials.
Why has IoT become one of the major threats?
Almost the entire world is now exposed to the huge cosmos of the internet, and thanks to the "Internet of Things" or IoT, people are more interconnected than ever. Smart devices have given people an opportunity to explore a whole new world of entertainment as well as education, and have changed the way companies do business.
The inherent nature of IoT means that security teams can never fully get a handle on the security capabilities of connected third-party devices, which makes it difficult enough to apply security patches to the company's own mobile devices. So, hackers have become adept at accessing corporate networks through vulnerable and unsecured IoT devices to install malware.
Security company Kaspersky reported that as many as 100 million IoT attacks happened throughout the world in 2019, while a cybersecurity trend researcher at FireEye predicted more attacks in which cybercriminals exploit vulnerabilities in IoT devices to install malware, such as the Reaper attack. FireEye warned that these threat actors can enlist millions of compromised IoT devices to conduct a large-scale attack, including DDoS attacks which can take down an entire website.