The hacker ‘Subby’ took over 29 IoT
The hacker accessed to the control panels that were secured with weak credentials.
“Now this theory has been implemented by a threat actor named Subby, who has brute forced at least 29 IoT C2s, and found them using extremely trivial credentials.” wrote Ankit Anubhav, security researcher at NewSky Security. “As shared by the threat actor, one can see that the credentials used are fairly weak.”
Subby told Anubhav that some of C2 associated with the IoT botnets were using very common credentials, including “root:root”, “admin:admin”, and “oof:oof”.
In an Interview with Anybhav, Subby explained that most of the IoT botnets he hacked were set up by script kiddies following online tutorials.
“It’s obvious as to why this is happening. A large percentage of botnet operators are simply following tutorials which have spread around in the community or are accessible on YouTube to set up their botnet. When following these tutorials, they do not change the default credentials. If they do change the credentials the password they supply is generally weak and therefore vulnerable to brute forcing.” Sabby told Anybhav.
Subby explained that he gained control over a total of more than 40,000 devices in just a week, a disconcerting firepower that could be potentially abused by several threat actors.
“Within the 1st week of brute forcing, I surpassed 40,000 devices. This was quite an inflated number due to possible duplication. It is well documented that botnet operators like to artificially increase their bot count. I estimate the number to be closer to 25,000 unique devices. I was able to get a reliable network traffic graph produced of the traffic generated from all the botnets combined and it was just under 300gbit/s.” continues Subby.
(SecurityAffairs – IoT botnets, hacking)