Botnet attacks on IoT devices continue to increase in both volume and sophistication. Mirai variants are evolving to use exploits that target vulnerabilities, however using basic factory-installed username and password hijacking is still a very effective approach. The following article lists the top five most-seen username/password combinations being shotgunned out by IoT botnets that have already been targeted by Mirai. Additionally, you’ll see the next 20 most commonly targeted username/password combinations, not yet featured in Mirai.
Two years after Mirai botnets first appeared, new generations of botnets are continuing to probe for internet-connected devices that they can easily compromise, often via a vastly expanded list of default usernames and passwords.