Media reports show that many people are still using weak passwords, which is a serious security risk. In this case the device manufacturers are clearly at fault, because they ship their devices with default usernames and passwords that are extremely easy to guess, and attackers know this.
To study attack patterns, researchers from the security firm F-Secure have set up a series of “honeypot” bait servers around the world. Some of the passwords that attackers try most often also appear on many worst-password lists, such as “12345” and “password”, but “admin” proved to be the most popular.
Another password that many attackers try is “vivx”, the default password for China’s DVR. The other two passwords on the list, “1001chin” and “taZz@23495859”, are also factory default passwords for other embedded devices, including routers.
Top 10 passwords used against the honeypot bait servers
The data showed that 99.9% of honeypot traffic comes from bots, malware and other tools. These attacks can come from any connected device, from traditional PCs to smartwatches and even IoT toothbrushes.
Most of the attacks came from the United States; Ukraine was the most popular destination, followed by China, Austria and the United States.
It is worth noting that many attackers route their attacks through proxies in other countries to avoid being identified, so the accuracy of this ranking is open to question.
Among the most targeted TCP ports, SMB port 445 was the most popular, with 526 million hits, suggesting that attackers are still keen to use SMB worms and attacks such as spoofing bots. Telnet came in second with 523 million hits, suggesting that attacks on IoT devices remain very common.
In addition, the report reminds consumers to change their devices’ default passwords and factory settings and to follow standard security precautions such as applying firmware updates and patches in a timely manner. Also, don’t use a weak password.
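The kind of tally described above can be reproduced on your own honeypot or firewall logs. The Python example below is added here and is not from the report or F-Secure's tooling; the log format, the IP addresses (documentation ranges) and the sample lines are constructed assumptions, and only the passwords come from the article.

```python
from collections import Counter

# Factory-default passwords named in the article above.
FACTORY_DEFAULTS = {"vivx", "1001chin", "taZz@23495859"}

# Constructed sample log in an assumed format:
#   timestamp source_ip dest_port username password
# "- -" marks a connection with no credential attempt (e.g. an SMB probe).
SAMPLE_LOG = """\
2024-01-01T00:00:01Z 198.51.100.7 23 admin admin
2024-01-01T00:00:02Z 198.51.100.7 23 root vivx
2024-01-01T00:00:03Z 203.0.113.9 445 - -
2024-01-01T00:00:04Z 203.0.113.9 445 - -
2024-01-01T00:00:05Z 192.0.2.44 23 admin admin
2024-01-01T00:00:06Z 192.0.2.44 22 root 12345
2024-01-01T00:00:07Z 192.0.2.44 23 root 1001chin
2024-01-01T00:00:08Z 203.0.113.9 445 - -
garbled line
"""

def parse_line(line):
    """Return (src, port, user, password), or None if the line is malformed."""
    parts = line.split(" ", 4)  # password is last, so it may contain spaces
    if len(parts) != 5 or not parts[2].isdigit():
        return None
    _ts, src, port, user, password = parts
    return src, int(port), user, password

def summarize(log_text, top_n=3):
    """Count hits per port, attempted passwords, and sources trying factory defaults."""
    passwords, ports, default_sources, skipped = Counter(), Counter(), set(), 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line.strip())
        if rec is None:
            skipped += 1  # keep a count so parsing gaps are visible
            continue
        src, port, user, password = rec
        ports[port] += 1
        if (user, password) != ("-", "-"):
            passwords[password] += 1
            if password in FACTORY_DEFAULTS:
                default_sources.add(src)
    return {"top_passwords": passwords.most_common(top_n),
            "port_hits": dict(ports),
            "default_sources": sorted(default_sources),
            "skipped": skipped}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Sources that try factory defaults are a strong signal of automated IoT scanning, so any device on your network that still accepts one of those passwords should be treated as exposed.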