Security Alert: Hacker Releases 500,000+ IoT Device Passwords
A hacker this week released the Telnet credentials of roughly 515,000 routers, servers and IoT devices in one of the largest breaches of its kind, as first reported by ZDNet.
The leaked passwords and IP addresses could be used to take control of a smart device without the user’s knowledge.
Two things you can do right away to reduce the risks to your devices: Change to a strong device password and make sure you know what devices are on your network — whether it’s a home network or an enterprise-level one, said Scott Christensen, GrayMatter’s Cyber Practice Lead, in an interview with TechHub.
“It wasn’t a sophisticated attack,” Christensen said. “The hacker in this case used a couple bots, scanned for open Telnet and open access and then he just used some automated password cracking.”
“He looked for things that did not change their default password, or did not change commonly used passwords like ‘1234’ or ‘password.’ And by using these unsophisticated, simple methodologies, he was able to gain access to 500,000 IoT devices,” he said.
The even scarier part, Christensen said, is that the hacker then released those crackable passwords and devices to the world, enabling others to capitalize on his findings.
Join GrayMatter’s OT Cyber Survey — We Need Your Voice
GrayMatter is asking for your help in adding to the conversation about cybersecurity for operational technology enterprises in 2020.
We’re doing that this week via a two-minute survey, which you can find and fill out below, or on the linked page on our site.
The goal is to highlight how companies in manufacturing, oil and gas and other industries are confronting cybersecurity issues in 2020 and what kinds of challenges they’ve encountered already.
We believe sharing an overall view of these experiences will help everyone in the industry make better decisions about their cybersecurity strategy.
So, please take the survey below, and we’ll follow up next month with the results. Thank you!Create your own user feedback survey
emPOWERUP 2020 Speaker Series Ready to Roll
We’re officially launching this year’s emPOWERUP Speaker Series!
First. The Dates.
Arizona, March 10; Utah, March 12; Florida, March 17; Colorado, April 7
Visit our events page for more details and to register for free in your area.
If you specialize in Operational Technology, emPOWERUP 2020 series truly is for you.
We’re inviting plant floor managers, cybersecurity professionals, data scientists, operations engineers and others to join us for a valuable, one-day session. The goal is to collaborate with peers in a small-group setting and to learn from our experts about the latest technologies, trends and solutions in the industry.
This year’s event series will cover the latest updates and tools from GE Digital including iFIX 6.1 and Proficy Operations Hub.
We’ll also delve into steps you can take to advance enterprise-level objectives at your company or organization. That includes adopting best practices for your company’s digital transformation journey, developing powerful data visualizations that appeal to both leaders and operators, building edge computing solutions and improving OT cybersecurity.
Don’t forget to sign up today and get it on your calendar!