Symantec research has found that hackers are increasingly taking advantage of poor security on Internet of Things (IoT) devices in order to hijack them for DDoS attacks.
The research found that 2015 was a record year for IoT attacks, with eight new IoT malware types being discovered. In 2013 there were two and in 2014 there were three.
In 2016, the number of new IoT malware families fell to two, although Symantec found that much of the malware from 2015 was still active.
The most common credentials used by the malware to hack into IoT devices were the combination of ‘root’ for the username and ‘admin’ for the password. Other common combinations included the reversal of these, as well as combinations involving the word ‘password’, number combinations such as 1234 and keyboard combinations such as ‘qwerty’.
The combination of ‘raspberry’ and ‘pi’, the default credentials on the Raspberry Pi, was also common, indicating attackers are focusing on this platform.
According to the research, the largest share of attacks came from China, accounting for 34 percent, followed by the US, accounting for 28 percent.
The report follows a possible real-world example of an IoT botnet in action: the security blog KrebsOnSecurity was hit by a large-scale DDoS attack which owner Brian Krebs suggested had come from an IoT botnet.
The site was hit by a DDoS attack of around 620 Gbps on 20 September, which seemed to use a very large botnet of hacked devices: possibly hundreds of thousands of systems.
Brian Krebs said that there were some signs that the attack had used a botnet that had captured a large number of Internet of Things (IoT) devices. This means that hackers might have exploited weak or default passwords in routers and internet-connected devices in order to turn them against the site.