Other issues in this category (8)
Tuesday, May 21, 2019
A hacker going by the alias Subby compromised the command and control (C&C) servers responsible for maintaining the operation of 29 IoT botnets.
How did he do that? By mounting brute-force attacks.
Ankit Anubhav, a security researcher at NewSky Security, described the attacks in detail in his blog. According to the researcher, the criminals behind the botnet were using such common credentials as root:root, admin:admin and oof:oof. To illustrate his point, the security expert drew up a table containing the list of C&C servers, their respective botnets, and the login-password combinations that the criminals used to access the control panel.
Root:root, root:scool, and other combinations aren't exactly a shining example of strength and originality. And it's not even about hackers getting lazy. More often than not, it is low-skilled criminals who prey upon law-abiding citizens.
According to Subby, script kiddies were behind most of the C&C servers. To herd devices into a botnet, they used publicly available manuals that anyone can find on the Internet.
So the conclusion is pretty obvious. The success of most attacks comes down to our laziness and lack of computer literacy. Too lazy to come up with a strong password, too lazy to use a different password for the anti-virus settings, and too lazy to update the system in a timely manner and reboot it whenever prompted to do so.
The Anti-virus Times recommends
Well, if pros want to hack into your system, they will probably succeed. However, in most cases attacks are mounted by amateurs armed with online guides that anyone can find on the Web. Follow the basic security recommendations that we keep putting forward in our posts, and you will enjoy a safe and worry-free experience online!