"HACKED-ROUTER-HELP-SOS-HAD-DUPE-PASSWORD" - your Mikrotik or Ubiquiti also has such a hostname?
The Shodan search engine is a real repository of information. This time he tells us about:
- HACKED-ROUTER-HELP-SOS-HAD-DUPE-PASSWORD : nearly 28,000 Mikrotik / Ubiquiti devices with this hostname. 700 devices are reported in Poland.
- HACKED-ROUTER-HELP-SOS-HAD-DEFAULT-PASSWORD : 3600 devices with changed hostname and password "DEFAULT". There are 17 devices available from outside in Poland.
- HACKED-ROUTER-HELP-SOS-WAS-MFWORM-INFECTED : 11720 devices that could become part of a botnet: constitute a proxy server for cybercriminals, a "victim" for DDoS attacks or digging cryptocurrency .
Ankhv Anubhav from NewSky Security says his observations of the incident, which have been going on since 2016, have now had a real impact on security. There are a lot of "hacked" devices, in addition their users complain about the manufacturer's forum , that in fact someone has logged on to their routers using the default login and password.
Fortunately, it seems that someone just wanted to pay attention to the scale of the problem by identifying devices in the Shodan search engine. I must admit that he did it creatively and almost as spectacularly as the burglars who after hacking the device available on the network created a new user with the " mother / fucker " credentials.
Learn more about our offer
We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.