• by Chase Martin , April 12, 2017

The threat of cyberattacks driven by unsecure IoT devices may be increasing.

The number of compromised IoT devices remains high globally and there also appears to be interest in exploiting unsecured IoT devices for cyberattacks, according to a new study.

McAfee Labs’ new ‘Threats Report’ examines the so-called Mirai malware, which is designed to hack into and control IoT devices at scale. Once compromised, the devices become part of a ‘botnet,’ which can then be used in a targeted cyberattack.

Last fall, a botnet of more than 1 million devices was used to attack Dyn servers, as the IoT Daily reported at the time (U.S. To Issue IoT Principles After Internet Cyberattack).

That attack affected Amazon, Twitter and Paypal, among others. Following the first attack, the source code for the malware was released and multiple attacks of smaller magnitude have occurred throughout the world.

Originally, the devices being attacked included DVRs and connected security cameras, according to the McAfee Labs study.

However, the malware has since expanded in capability to spread across devices connected to a consumer’s home modem or router.

Over the course of 13 hours, McAfee Labs tracked 40,000 compromised IoT devices online. Additionally, 2.5 million offline IoT devices were found. Offline IoT devices include compromised devices that are turned off and previously compromised devices that have been restored from the malware. The malware infected new devices at a rate of about five per minute, according to the study.

The researchers also created a fake IoT device, which received its first attempted attack within the first minute of connecting to the Internet.

In two days, the fake IoT device was used in 34 cyberattacks by multiple botnets. Most of the systems attacked were in the U.S. and most of the targets were gaming servers. Other targets included an e-commerce website, a dating website and a few individuals, according to the study.

Unlike the large-scale cyberattacks last year, McAfee Labs suggests that these botnets are now being created by amateurs. The researchers said they found tutorial videos online explaining how to create a botnet to attack friends or other targets.

“The tutorial videos illustrate that amateur attackers are gathering more botnet code and are playing with it, not realizing its power,” the researchers wrote. “In one tutorial, the presenter live-streamed his setup of a Mirai botnet. After receiving help from a couple of his buddies over Skype, he successfully installed the code, tested it with 121 IoT device bots connected and then launched an attack against his victim.”

Others have posted listings on the Darknet to sell access to existing botnets. For example, one listing offered a one-week rental of a botnet comprising 100,000 devices for $7,500, according to the study.

After identifying an IoT device’s IP address, the malware attempts to gain access using a list of default username and password combinations.

Not using unique usernames and passwords has been widely referenced as a primary vulnerability for IoT device security and is a component of multiple sets IoT security guidelines from industry groups and government agencies.

Here are commonly used names and passwords used to gain access to IoT devices:

• admin // admin1234
• admin // (none)
• admin // 1111111
• admin // 1234
• admin // 12345
• admin // 54321
• admin // 123456
• admin // admin
• root // 888888
• root // user
• root // admin
• root // 0
• root // system
• root // pass
• root // 1111
• root // default
• root // 123456
• root // 54321
• 888888 // 888888