A three-year-long honeypot experiment featuring simulated low-interaction IoT devices of various types and locations gives a clear idea of why actors target specific devices. More specifically, the honeypot was meant to create a sufficiently diverse ecosystem and cluster the generated data in a way that determines the goals of adversaries. IoT (Internet of Things) devices are a booming market that includes small internet-connected devices such as cameras, lights, doorbells, smart TVs, motion sensors, speakers, thermostats, and many more. It is estimated that by 2025, over 40 billion of these devices will be connected to the Internet, providing network entry points or computational resources that can be used in unauthorized crypto mining or as part of Distributed Denial of Service (DDoS) swarms. The experiment produced data from a massive 22.6 million hits. The various actors exhibited similar attack patterns, likely because their objectives and the means to achieve them were common. For example, most actors run commands such as “masscan” to scan for open ports and “/etc/init.d/iptables stop” to disable firewalls. Additionally, many actors run “free -m”, “lspci grep VGA”, and “cat /proc/cpuinfo”, all three aiming to collect hardware information about the target device. Interestingly, almost a million hits tested “admin / 1234” username-password combination, reflecting an overuse of the credentials in IoT devices. As for end goals, the researchers found that the honeypots were targeted mainly for DDoS recruitment and were often also infected with a Mirai variant or a coin miner. Coin miner infections were the most common observation on the Windows honeypot, followed by viruses, droppers, and trojans. “Only 314 112 (13 %) unique sessions were detected with at least one successful command execution inside the honeypots,” explains the research paper. “This result indicates that only a small portion of the attacks executed their next step, and the rest (87 %) solely tried to find the correct username/password combination.”