A hacker has taken over at least 29 IoT botnets

Hacker “Subby” brute-forces the backends of 29 IoT botnets that were using weak or default credentials.

A hacker that goes online with the moniker ‘Subby’ took over 29 IoT botnets in the past few weeks with brute-force attacks.

The hacker ‘Subby’ took over 29 IoT botnets in the past few weeks brute-forcing the back end panels of their command and control servers.

The hacker accessed to the control panels that were secured with weak credentials.

“Now this theory has been implemented by a threat actor named Subby, who has brute forced at least 29 IoT C2s, and found them using extremely trivial credentials.” wrote Ankit Anubhav, security researcher at NewSky Security. “As shared by the threat actor, one can see that the credentials used are fairly weak.”

Subby told Anubhav that some of C2 associated with the IoT botnets were using very common credentials, including “root:root”, “admin:admin”, and “oof:oof”.

In an Interview with Anybhav, Subby explained that most of the IoT botnets he hacked were set up by script kiddies following online tutorials.

“It’s obvious as to why this is happening. A large percentage of botnet operators are simply following tutorials which have spread around in the community or are accessible on YouTube to set up their botnet. When following these tutorials, they do not change the default credentials. If they do change the credentials the password they supply is generally weak and therefore vulnerable to brute forcing.” Sabby told Anybhav.

Subby explained that he gained control over a total of more than 40,000 devices in just a week, a disconcerting firepower that could be potentially abused by several threat actors.

“Within the 1st week of brute forcing, I surpassed 40,000 devices. This was quite an inflated number due to possible duplication. It is well documented that botnet operators like to artificially increase their bot count. I estimate the number to be closer to 25,000 unique devices. I was able to get a reliable network traffic graph produced of the traffic generated from all the botnets combined and it was just under 300gbit/s.” continues Subby.

Sabby explained that he initially hacked the IoT botnets to see the efficiency of brute forcing C2 admin panel to build a botnet, rather than using exploits.

Sabby demonstrated that it is very easy for threat actors to build IoT botnets that could be used for many malicious activities.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – IoT botnets, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]