A Major Security Weak Link is Proved by Linux and Raspberry Pi Devices

A Major Security Weak Link is Proved by Linux and Raspberry Pi Devices

Hundreds of thousands of Linux and Raspberry Pi devices are currently linked to the internet, with nothing more than the default password protecting them.

Fraudsters are scanning for susceptible devices with these default passwords in hand with a slew of automated bots. Once they’ve located them, it’s pretty simple to plant malware.

These are the conclusions of a recent Bulletproof threat study, which states that “knockknockwhosthere,” “nproc,” “1”, “x,” “1234”, “123456”, “root,” and “raspberry” are among the most often used default passwords.

Easy Attack Point

“On the list are the default Raspberry Pi credentials (un:pi/pwd:raspberry). More than 200,000 machines on the internet are running the standard Raspberry Pi OS, making it a reasonable target for bad actors. We also can see what looks like credentials used on Linux machines (un:nproc/pwd:nproc). This highlights a key issue - default credentials are still not being changed,” said Brian Wagner, Chief Technology Officer at Bulletproof

“Using default credentials provides attackers with one of the easiest entry points, acting as a ‘skeleton key’ for multiple hacks. Using legitimate credentials can allow hackers to avoid detection and makes investigating and monitoring attacks much harder.”

To make matters worse, the research states that a fifth of the passwords used by attackers today originated from the RockYou database leak that occurred more than a decade ago.

Bulletproof’s cybersecurity experts developed a honeypot in the form of servers in public cloud settings with purposeful security weaknesses to attract bad actors for the study.

During the research, bad actors began over 240,000 sessions, and more than half (54 percent) of over 5,000 different IP addresses had information indicating they were bad actor IP addresses.

“Within milliseconds of a server being put on the internet, it is already being scanned by entities. Botnets will be targeting it, and a host of malicious traffic is then being driven to the server,” continued Wagner. “Although some of our data show legitimate research companies scanning the internet, the greatest proportion of traffic we encountered to our honeypot came from threat actors and compromised hosts.”

5
1 ratings
Paul Syverson
WRITTEN BY
Paul Syverson
Paul Syverson is the founder of Product Reviews. Paul is a computer scientist; he used to carry out a handful of significant studies which contributed to bringing in many special features on the site. He has a huge passion for computers and other tech products. He is always diligent in delivering quality writings to bring the most value to people. Syverson.org |

Advertisement