We build security solutions to protect our networks from the rest of the internet, but do we do anything to protect the network from our own employees and users? The first line of protection for your networks is not the firewall or other perimeter security device; it is the education and protection of the people who use the network. People are concerned about having their apartments or homes broken into, so they put locks on the doors, install alarm systems, or put surveillance equipment like security cameras around the property. They are vigilant about making sure that an unauthorized intruder cannot easily enter the home without being detected and raising an alarm.
Following the public release of the Mirai bot code, security analysts fear a flood of online attacks from hackers. Mirai exhibits worm-like behavior: it spreads to unprotected devices and recruits them into massive botnets, using factory default credentials and Telnet to brute-force and compromise unsuspecting users’ devices.
Soon after the original attacks, Flashpoint released a report identifying the primary manufacturer of the devices using the default credentials ‘root’ and ‘xc3511’. On their own, factory default credentials should not pose an enormous threat. However, combined with services like Telnet or SSH enabled by default and a root password that is immutable, the device could be considered a Trojan with a secret backdoor, a secret that has now become public knowledge.
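
For defenders, the worm-like pattern described above shows up in authentication logs as one source failing Telnet logins across several devices, sometimes followed by a success. The following is an added example, not code from the original article or from Flashpoint's report; the log format, device names, addresses and thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample telnet auth log (hypothetical format, documentation IP ranges).
SAMPLE_LOG = """\
2016-10-21T12:00:01Z dev=cam-01 svc=telnet src=203.0.113.7 user=root result=fail
2016-10-21T12:00:02Z dev=cam-01 svc=telnet src=203.0.113.7 user=admin result=fail
2016-10-21T12:00:03Z dev=cam-01 svc=telnet src=203.0.113.7 user=root result=ok
2016-10-21T12:00:05Z dev=dvr-02 svc=telnet src=203.0.113.7 user=root result=fail
2016-10-21T12:00:06Z dev=dvr-02 svc=telnet src=203.0.113.7 user=root result=fail
2016-10-21T12:00:09Z dev=nvr-03 svc=telnet src=203.0.113.7 user=support result=fail
2016-10-21T12:03:00Z dev=cam-01 svc=ssh src=198.51.100.20 user=ops result=ok
2016-10-21T12:04:00Z dev=dvr-02 svc=telnet src=198.51.100.20 user=ops result=fail
"""

LINE = re.compile(r"^(?P<ts>\S+) dev=(?P<dev>\S+) svc=(?P<svc>\S+) "
                  r"src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>ok|fail)$")

def analyze(log_text, min_failures=3, min_devices=2):
    """Return (suspect_sources, compromised_devices) from telnet auth events."""
    failures = defaultdict(int)       # src -> failed telnet logins
    devices = defaultdict(set)        # src -> distinct devices tried
    failed_first = set()              # (src, dev) pairs with at least one failure
    ok_after_fail = defaultdict(set)  # src -> devices where a login later succeeded
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m["svc"] != "telnet":
            continue                  # skip malformed lines and other services
        src, dev = m["src"], m["dev"]
        devices[src].add(dev)
        if m["result"] == "fail":
            failures[src] += 1
            failed_first.add((src, dev))
        elif (src, dev) in failed_first:
            ok_after_fail[src].add(dev)
    # A suspect source fails often AND touches several devices (worm-like spread).
    suspects = sorted(s for s in failures
                      if failures[s] >= min_failures and len(devices[s]) >= min_devices)
    compromised = sorted({d for s in suspects for d in ok_after_fail[s]})
    return suspects, compromised

if __name__ == "__main__":
    sources, hosts = analyze(SAMPLE_LOG)
    print("suspected brute-force sources:", sources)
    print("devices to isolate:", hosts)
```

A device that appears in the second list accepted a login from a brute-forcing source, which is the outcome to expect when factory default credentials are still in place.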