Tweet
There are hundreds of thousands of Linux and Raspberry Pi devices connected to the internet right now, protected by nothing more than the default password.
In possession of these default passwords, cybercriminals are using numerous automated bots to scan for vulnerable devices. Once they find them, planting malware becomes relatively easy.
These are the findings of a new threat report from Bulletproof, which claims “knockknockwhosthere”, “nproc”, “1”, “x”, “1234”, “123456”, “root”, and “raspberry” are among the most common default passwords out there.
TechRadar needs you!
We’re looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn’t take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a £100 Amazon gift card (or equivalent in USD). Thank you for taking part.
“On the list are the default Raspberry Pi credentials (un
i/pwd:raspberry). There are more than 200,000 machines on the internet running the standard Raspberry Pi OS, making it a reasonable target for bad actors. We also can see what looks like credentials used on Linux machines (un:nproc/pwd:nproc). This highlights a key issue - default credentials are still not being changed,” said Brian Wagner, Chief Technology Officer at Bulletproof.
“Using default credentials provides one of the easiest entry points for attackers, acting as a ‘skeleton key’ for multiple hacks. Using legitimate credentials can allow hackers to avoid detection and makes investigating and monitoring attacks much harder.”
To make the situation even worse, the report claims a quarter of the passwords attackers use today originate from the RockYou database leak that happened more than a decade ago.
For the purpose of the report, Bulletproof’s cybersecurity researchers created a honeypot, in the form of servers in public cloud environments with deliberate security vulnerabilities, in order to attract bad actors.
Read more
Over the course of the research, bad actors initiated more than 240,000 sessions, while in total, more than half (54%) of over 5,000 unique IP addresses had intelligence that suggested they were bad actor IP addresses.
“Within milliseconds of a server being put on the internet, it is already being scanned by all manner of entities. Botnets will be targeting it and a host of malicious traffic is then being driven to the server,” continued Wagner. “Although some of our data shows legitimate research companies scanning the internet, the greatest proportion of traffic we encountered to our honeypot came from threat actors and compromised hosts."
[ul]
[li]Stay safe with the best antivirus software right now[/li][/ul]
Continue reading…
In possession of these default passwords, cybercriminals are using numerous automated bots to scan for vulnerable devices. Once they find them, planting malware becomes relatively easy.
These are the findings of a new threat report from Bulletproof, which claims “knockknockwhosthere”, “nproc”, “1”, “x”, “1234”, “123456”, “root”, and “raspberry” are among the most common default passwords out there.
TechRadar needs you!
We’re looking at how our readers use VPNs with different devices so we can improve our content and offer better advice. This survey shouldn’t take more than 60 seconds of your time, and entrants from the UK and US will have the chance to enter a draw for a £100 Amazon gift card (or equivalent in USD). Thank you for taking part.
Click here to start the survey in a new window p>
[HEADING=1]Easy attack point [/HEADING]
[HEADING=1]Easy attack point [/HEADING]
i/pwd:raspberry). There are more than 200,000 machines on the internet running the standard Raspberry Pi OS, making it a reasonable target for bad actors. We also can see what looks like credentials used on Linux machines (un:nproc/pwd:nproc). This highlights a key issue - default credentials are still not being changed,” said Brian Wagner, Chief Technology Officer at Bulletproof.“Using default credentials provides one of the easiest entry points for attackers, acting as a ‘skeleton key’ for multiple hacks. Using legitimate credentials can allow hackers to avoid detection and makes investigating and monitoring attacks much harder.”
To make the situation even worse, the report claims a quarter of the passwords attackers use today originate from the RockYou database leak that happened more than a decade ago.
For the purpose of the report, Bulletproof’s cybersecurity researchers created a honeypot, in the form of servers in public cloud environments with deliberate security vulnerabilities, in order to attract bad actors.
Read more
Raspberry Pi OS just got a serious upgrade
Installing an OS on your Raspberry Pi is about to become a lot simpler
Raspberry Pi can now detect malware without any software
Installing an OS on your Raspberry Pi is about to become a lot simpler
Raspberry Pi can now detect malware without any software
“Within milliseconds of a server being put on the internet, it is already being scanned by all manner of entities. Botnets will be targeting it and a host of malicious traffic is then being driven to the server,” continued Wagner. “Although some of our data shows legitimate research companies scanning the internet, the greatest proportion of traffic we encountered to our honeypot came from threat actors and compromised hosts."
[ul]
[li]Stay safe with the best antivirus software right now[/li][/ul]
Continue reading…