Date:23/09/19
“The most commonly used credential is blank, which means that the attackers just enter an empty username and password,” says Avira threat analyst Hamidreza Ebtehaj. “This is even more common than admin.”
Credentials in this case are a two-part combination of the user name and the password which hackers enter into Avira’s smart device honeypot while attacking it. Attacks with blank or empty credential slots made up a 25.6% of the total, vastly outnumbered the other top credential combinations. This blank category even exceeded share of default IoT device credentials such as “admin | QWestM0dem” and “admin | airlive” (24.0%) and the collection of general default credentials (23.4%) with those timeless classics such as “admin | admin”, “support | support”, and “root | root”.
Specific IoT malware attacks, where the hackers zeroed in on a known vulnerability with credentials such as, made up 25% of the total. The two top credential pairs were “root | xc3511” and default | S2fGqNFs” – two internet connected web cams which have gone to market under a number of names.
“These stats were collected on Friday, September 13,” he adds. “The numbers, especially for IoT malware-related stats, do vary slightly based on ongoing attacks, but the general distribution has remained consistent for some time now.”
Admin is NOT the worst password of all
Forget about 12345 or P@ssW0rd, an Avira honeypot set up to find new smart device threats has identified an even more insecure credential – nothing.“The most commonly used credential is blank, which means that the attackers just enter an empty username and password,” says Avira threat analyst Hamidreza Ebtehaj. “This is even more common than admin.”
Credentials in this case are a two-part combination of the user name and the password which hackers enter into Avira’s smart device honeypot while attacking it. Attacks with blank or empty credential slots made up a 25.6% of the total, vastly outnumbered the other top credential combinations. This blank category even exceeded share of default IoT device credentials such as “admin | QWestM0dem” and “admin | airlive” (24.0%) and the collection of general default credentials (23.4%) with those timeless classics such as “admin | admin”, “support | support”, and “root | root”.
Specific IoT malware attacks, where the hackers zeroed in on a known vulnerability with credentials such as, made up 25% of the total. The two top credential pairs were “root | xc3511” and default | S2fGqNFs” – two internet connected web cams which have gone to market under a number of names.
“These stats were collected on Friday, September 13,” he adds. “The numbers, especially for IoT malware-related stats, do vary slightly based on ongoing attacks, but the general distribution has remained consistent for some time now.”
Views: 1169
©ictnews.az. All rights reserved.Similar news
- Cellphone Use May Raise Cancer Risk
- Australian police pushes cyber safety education
- Vietnam aims to lead in e-government
- Senate Website Gets Hacked
- US builds net for cyber war games
- Japan enacts anti-computer virus law
- India passes law vs e-waste
- Anonymous Declares War On The City Of Orlando
- Microsoft highlights evolving dangers as online identity data proliferates
- Consumers want internet security to be provided by banks
- Government facilities targets of cyber attack
- South Korean web attacks might been war drill
- Sri Lanka to Establish National Passport Database to Increase Border Security
- Hi-tech crime agencies set to employ information security professionals
- Phone hacking and online campaign bring down the News of the World