X
NEXT
Forgot password?

DigitalXRAID

Telnet Credentials Stolen in IoT Device Hack

Threat Intelligence from DigitalXRAID’s Security Operations Centre analysts:

Last week a hacker published an extensive list of Telnet credentials for more than 515,000 servers, home routers, and IoT smart devices being compromised.

The list of credentials was published on a popular hacking forum, the list included each device’s IP address, along with a username and password for the Telnet service (Telnet is a remote access protocol that can be used to control devices over the internet).

The list was compiled by the attacker after scanning was conducted against the internet for devices that had the Telnet port globally accessible. The attacker was able to gain access to these devices by using factory-set default usernames and passwords, or custom, but easy-to-guess password combinations.

It is common practice for attackers to scan the internet for devices that can be compromised, these are often IoT devices as they often have weaker security than conventional internet connected devices. These devices are compiled into lists, known as “bot lists” and subsequently become compromised by malicious actors for use in further attacks.

In this case the attacker leaked the details of all these devices however some of the IP addresses may have since changed due to them not having static IP configurations.

In most cases these poorly configured devices are not evenly spread out across the internet but are instead clustered on the network of one single ISP. This is due to the ISP failing to further secure the device by disabling ports such as Telnet and not changing default passwords on the devices, this leaves them extremely vulnerable.

An attacker could use the IP addresses included in the lists, determine the service provider, and then re-scan the ISP’s network to update the list with the latest IP addresses allowing them to conduct further attacks.

How can you avoid being a victim?

When buying IoT devices you should always check if they have been tested for security. We see more and more devices coming into the market built for functionality and not security.

Another tip is to always change the default password, we recommend using a password manager that will create a strong password for you.

Previous Article

Travelex – What Really Happened?

Next Article

Threat Intelligence: RDP Gateway Remote Code Execution Vulnerabilities

Cyber Security Experts

Accredited and regulated, we're in the top 1% of cyber security agencies globally

Crown Commercial Service Supplier Cyber Essentials Plus ISO 27001 BSI ISO 9001 CHECK NCSC Cyber Incident Response CREST

We’re trusted by the UK Government as Crown Commercial Service providers as well as being accredited by two of the leading cyber security governing bodies. Our ISO9001 certification means you can rest assured our processes and approach are market leading.

Protect Your Business & Your Reputation.

With a continued focus on security, you can rest assured that breaches and exploits won't be holding you back.

Speak To An Expert

x

Get In Touch

[contact-form-7 id="5" title="Contact Us Form"]