Cybercriminals have published the access data (login credentials) and IP addresses of over 515,000 servers, routers and IoT devices on a hacker forum. This data can be used to take control of vulnerable devices through the remote maintenance service Telnet. Attackers could connect to the devices, install malware and use them for their own purposes, for example to build a botnet for Distributed Denial of Service (DDoS) attacks. In a DDoS attack, a targeted system and its internet services become unusable because of a deliberately induced overload. In practice this means massive interruptions to all internet-based services and devices, resulting in immense costs. In many cases, such devices even become irreversibly unusable.

Where does the data come from?

According to a report on ZDNet, the data comes from a provider of DDoS services. On the forum, the hacker reported that he had automatically scanned the entire network for devices with open Telnet access. He then tried default passwords or easy-to-guess combinations on them. He collected the resulting list of access data, a so-called bot list, and published it. The list is dated from October to November 2019. In the past, comparable collections have been used for large-scale attacks and to spread malware. For example, in June last year, the malware Silex destroyed 2,000 IoT devices in just a few hours, and Brickerbot destroyed around two million devices in 2017. To do this, the malware logged into the infected IoT devices with default access data and overwrote disks and partitions with random data. Silex also deletes the firewall settings, removes the network configuration and then switches off the device, rendering the IoT devices unusable.
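The attack pattern described above (a remote source working through default or easy-to-guess passwords against an exposed Telnet service) leaves a characteristic trail in device login logs: a burst of failures from one source, often across several usernames, sometimes followed by a success. The following Python script is an added example written for this article, not code from Panda or from the report; it runs over a constructed, syslog-like sample log (the hostnames, addresses and the `telnetd` message format are assumptions, so adapt the regular expression to the actual output of your devices) and flags sources that look like credential guessing, giving priority to any success that follows a run of failures, since that usually means a default password is still in place.

```python
"""Flag Telnet credential guessing against IoT/network devices from login log lines.

Added example, not code from the article. The log format, hostnames and addresses
below are constructed for illustration; adjust LINE_RE to your devices' real syslog output.
"""
import re
from collections import defaultdict

# Constructed sample lines in a syslog-like format (hypothetical telnetd messages).
SAMPLE_LOG = """\
Jan 17 10:01:02 cam-01 telnetd[311]: login failed for user 'admin' from 198.51.100.7
Jan 17 10:01:03 cam-01 telnetd[311]: login failed for user 'root' from 198.51.100.7
Jan 17 10:01:03 cam-01 telnetd[311]: login failed for user 'support' from 198.51.100.7
Jan 17 10:01:04 cam-01 telnetd[311]: login failed for user 'user' from 198.51.100.7
Jan 17 10:01:05 cam-01 telnetd[311]: login failed for user 'admin' from 198.51.100.7
Jan 17 10:01:06 cam-01 telnetd[311]: login succeeded for user 'admin' from 198.51.100.7
Jan 17 10:05:00 rtr-02 telnetd[120]: login failed for user 'admin' from 192.0.2.44
Jan 17 10:30:00 rtr-02 telnetd[120]: login succeeded for user 'ops' from 10.0.0.5
"""

# Assumed message layout: "<timestamp> <host> telnetd[<pid>]: login <result> for user '<user>' from <src>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) telnetd\[\d+\]: "
    r"login (?P<result>failed|succeeded) for user '(?P<user>[^']*)' from (?P<src>[\d.]+)$"
)


def parse(log_text):
    """Turn raw log text into a list of event dicts; lines that do not match are ignored."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def find_credential_guessing(events, fail_threshold=4):
    """Return alerts keyed by (source IP, device host).

    A pair is reported when the source accumulated at least `fail_threshold` failed
    Telnet logins on that device, or when a successful login followed any failures
    (a strong sign that a default or guessable password was accepted).
    """
    stats = defaultdict(lambda: {"failures": 0, "users": set(), "success_after_failures": False})
    for e in events:
        s = stats[(e["src"], e["host"])]
        if e["result"] == "failed":
            s["failures"] += 1
            s["users"].add(e["user"])
        elif s["failures"] > 0:
            # Success after earlier failures from the same source: likely weak credentials.
            s["success_after_failures"] = True

    alerts = {}
    for key, s in stats.items():
        if s["failures"] >= fail_threshold or s["success_after_failures"]:
            alerts[key] = {
                "failures": s["failures"],
                "users_tried": sorted(s["users"]),
                "success_after_failures": s["success_after_failures"],
            }
    return alerts


if __name__ == "__main__":
    for (src, host), info in find_credential_guessing(parse(SAMPLE_LOG)).items():
        severity = "HIGH" if info["success_after_failures"] else "MEDIUM"
        print(f"[{severity}] {src} -> {host}: {info['failures']} failed logins, "
              f"users tried {info['users_tried']}, success after failures: {info['success_after_failures']}")
```

On the sample data, only the source hammering `cam-01` is reported (five failures across four usernames, then a success), while the single failure against `rtr-02` and the clean login from the operator address stay below the threshold. A device that trips the HIGH case should have its Telnet access closed and its credentials changed; the same logic applies unchanged to any device whose login messages you can map onto the regular expression.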

Panda users are protected

As a user of our IT security solution Panda Adaptive Defense 360 you have nothing to worry about. Adaptive Defense 360 ensures the security of all endpoints on your corporate network by using advanced technologies and self-learning systems. In order to prevent malicious processes, all data is centrally monitored in real time and classified 100%. This is how anomalies are noticed, and attacks that attempt to install malware via an IoT device are stopped before any malicious activity can occur.