IoT device pwned by credential attackers once every 120 seconds in SANS research

Connected devices pwned by attackers every 2 minutes; that’s what happened after an IoT device went online for two days

When Johannes Ullrich, dean of research at the SANS Technology Institute, exposed a digital video recorder to the Internet he was probably expecting the worse to happen. His expectations were met, and then some. After being online for just 45 hours, the IoT device had been accessed more than 1,250 times by attackers using the correct login credentials. It should be pointed out that the DVR in the research was rigged to reboot every five minutes so as to allow all login attempts to be more accurately logged. This is because some of the malware that is installed by attackers will disable telnet post-infection in order to prevent other attackers exploiting the now pwned device. It’s this that allowed the true scope of the attack to be logged: a successful credentials-based attack once every two minutes on average.

Click here to read complete article