Content

Mirai Botnet Propagates By Leveraging Weak Default Passwords

By Marcos Colon

The Mirai botnet that used Internet of Things (IoT) devices to launch one of the largest distributed denial-of-service (DDoS) attacks to date was powered by a list of 61 default passwords.

Following the release of the botnet’s source code by its creator, security researchers have noticed the botnet leverages a list of more than 60 combinations of usernames and weak default passwords to scan the internet for insecure IoT devices.

By scanning the internet for these common default passwords – which include “admin” and “12345” – the malware can compromise devices and lock out its users. This method allowed the botnet to grow spread to 380,000 devices.

Mirai is responsible for successful attacks aimed at French hosting company OVH and cybersecurity journalist Brian Krebs’ website, krebsonsecurity.com. 

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.