A cybercriminal has published a list of Telnet credentials on a popular hacking forum that contains more than 515,000 credentials for servers, home routers, and IoT smart devices. Telnet is an insecure remote access protocol that allows the administration of the devices over the internet. Information sent using the Telnet protocol is not encrypted, including passwords sent to log in to the device. Many devices ship with insecure default passwords, configured to accept Telnet connections without the device owner’s knowledge. According to experts and the leaker himself, the list was compiled by scanning the Internet for devices that expose their Telnet port and then trying to access them by using the default password or easy to guess password combinations.
Analyst Notes
An attacker with this information could easily gain access to the exposed device and steal any information that is available or spy using IoT cameras and microphone-enabled devices. Home and small business routers are especially at risk, because an attacker with access to a router can redirect network traffic to malicious sites, steal or alter the unencrypted information sent over the network, and use the router as a proxy to attack other networks from the compromised router’s IP address. Business owners should regularly scan the public-facing IP addresses of their business to discover any open ports, including Telnet. It is recommended for owners of these devices to disable Telnet or change the default login credentials to a unique and complex password to avoid unauthorized access. Binary Defense offers a Cyber Security Assessment for businesses that includes an external vulnerability scan. To learn more about the Security Assessment, please see this page: https://www.binarydefense.com/risk/
To read more: https://www.zdnet.com/article/hacker-leaks-passwords-for-more-than-500000-servers-routers-and-iot-devices/
