A hacker has taken over at least 29 IoT botnets

Hacker “Subby” brute-forces the backends of 29 IoT botnets that were using weak or default credentials.

A hacker that goes online with the moniker ‘Subby’ took over 29 IoT botnets in the past few weeks with brute-force attacks.

The hacker ‘Subby’ took over 29 IoT botnets in the past few weeks brute-forcing the back end panels of their command and control servers.

The hacker accessed to the control panels that were secured with weak credentials.

“Now this theory has been implemented by a threat actor named Subby, who has brute forced at least 29 IoT C2s, and found them using extremely trivial credentials.” wrote Ankit Anubhav, security researcher at NewSky Security. “As shared by the threat actor, one can see that the credentials used are fairly weak.”

Subby told Anubhav that some of C2 associated with the IoT botnets were using very common credentials, including “root:root”, “admin:admin”, and “oof:oof”.

In an Interview with Anybhav, Subby explained that most of the IoT botnets he hacked were set up by script kiddies following online tutorials.

“It’s obvious as to why this is happening. A large percentage of botnet operators are simply following tutorials which have spread around in the community or are accessible on YouTube to set up their botnet. When following these tutorials, they do not change the default credentials. If they do change the credentials the password they supply is generally weak and therefore vulnerable to brute forcing.” Sabby told Anybhav.

Subby explained that he gained control over a total of more than 40,000 devices in just a week, a disconcerting firepower that could be potentially abused by several threat actors.

“Within the 1st week of brute forcing, I surpassed 40,000 devices. This was quite an inflated number due to possible duplication. It is well documented that botnet operators like to artificially increase their bot count. I estimate the number to be closer to 25,000 unique devices. I was able to get a reliable network traffic graph produced of the traffic generated from all the botnets combined and it was just under 300gbit/s.” continues Subby.

Sabby explained that he initially hacked the IoT botnets to see the efficiency of brute forcing C2 admin panel to build a botnet, rather than using exploits.

Sabby demonstrated that it is very easy for threat actors to build IoT botnets that could be used for many malicious activities.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – IoT botnets, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini: Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

This website uses cookies.