Linux and Raspberry Pi become top targets for credential hacking
Study finds Linux and Raspberry Pi become top targets for credential hacking.
New research shows that hackers often use the same common passwords, often the default ones, to gain access to servers.
Data from Bulletproof also shows that the default Raspberry Pi username and logins feature prominently in the list of top default credentials used by hackers.
Throughout 2021, research using honeypots shows that 70% of total network activity is currently bot traffic.
As hackers increasingly deploy automated attack methods, default credentials are the passwords most commonly used by these bad actors, effectively acting as a ‘skeleton key’ for criminal access.
“The default Raspberry Pi credentials (un:pi/pwd:raspberry) are on the list. There are over 200,000 machines on the Internet running the standard Raspberry Pi OS, making it a reasonable target for bad actors. We can also Seeing credentials that look like they’re being used on a Linux machine (un:nproc/pwd:nproc)” said Brian Wagner, CTO at Bulletproof, “This highlights a key issue – the default credentials still haven’t been changed. Using Default credentials provide an easy entry point for attackers, acting as a ‘skeleton key’ for multiple hackers. Using legitimate credentials allows hackers to avoid detection and makes it more difficult to investigate and monitor attacks.”
A quarter of the passwords still in use by attackers today originated from the RockYou database leak in December 2009. These ciphers are still viable, and Bulletproof’s penetration testers have also tried them in their tests because they still have a high success rate.
“Within milliseconds of a server being put on the Internet, it’s already been scanned by various entities. The botnet will target it, and then a lot of malicious traffic will be driven to the server,” Wagner added. “While some of our data shows legitimate research companies scanning the internet, the largest percentage of traffic we encounter into our honeypots comes from threat actors and compromised hosts.”
The full Bulletproof annual cybersecurity industry threat report comes from the company’s website. Below is a list of top-level default credentials in use.