There are multiple ways malware can get into the target system. While some approaches are similar to those seen on the Windows platform, others differ because of the different purposes they serve. Let's summarize the most common situations:
- Default weak credentials: Unfortunately, many companies manufacturing devices use very weak default credentials in order to connect to the devices remotely for maintenance purposes. SSH and Telnet are the protocols attackers misuse most often, but other vectors, such as web consoles, are also possible. If we look at the list of hardcoded pairs found in the Mirai malware source code, we can see that somewhere around 60 combinations can give attackers access to several hundred thousand devices in a very short time. Here are some examples:
  - root/12345
  - admin/1111
  - guest/guest
  - user/user
  - support/support
- Dynamic passwords: Some companies tried to avoid this situation...
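
A defender-side illustration of the default-credentials item above, added here and not taken from the original text: a client cycling through hardcoded pairs shows up in SSH authentication logs as one source failing logins for several default usernames within seconds. The log lines are constructed, and the function name, thresholds and `year` parameter are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Usernames from the default pairs listed above (auth logs never record the password).
DEFAULT_USERS = {"root", "admin", "guest", "user", "support"}

# OpenSSH syslog line for a failed password attempt.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Constructed sample log; hostnames and addresses (documentation ranges) are made up.
SAMPLE_LOG = """\
Jan 10 03:14:07 cam01 sshd[812]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jan 10 03:14:08 cam01 sshd[813]: Failed password for invalid user admin from 203.0.113.7 port 40123 ssh2
Jan 10 03:14:09 cam01 sshd[814]: Failed password for invalid user guest from 203.0.113.7 port 40124 ssh2
Jan 10 03:14:10 cam01 sshd[815]: Failed password for invalid user support from 203.0.113.7 port 40125 ssh2
Jan 10 09:00:00 cam01 sshd[900]: Failed password for root from 198.51.100.20 port 51000 ssh2
Jan 10 09:00:30 cam01 sshd[901]: Failed password for root from 198.51.100.20 port 51001 ssh2
Jan 10 10:00:00 cam01 sshd[950]: Failed password for invalid user admin from 198.51.100.33 port 52000 ssh2
Jan 10 10:05:00 cam01 sshd[951]: Failed password for invalid user user from 198.51.100.33 port 52001 ssh2
Jan 10 10:10:00 cam01 sshd[952]: Failed password for invalid user guest from 198.51.100.33 port 52002 ssh2
Jan 10 11:00:00 cam01 sshd[990]: Accepted password for alice from 198.51.100.40 port 53000 ssh2
""".splitlines()

def find_default_sweeps(lines, min_users=3, window=timedelta(seconds=60), year=2024):
    """Map each source IP to the default usernames it tried, if it failed logins
    for at least min_users distinct default accounts within one time window."""
    attempts = defaultdict(list)
    for line in lines:
        m = FAILED.match(line)
        if m and m["user"] in DEFAULT_USERS:
            # Syslog timestamps omit the year, so the caller supplies it.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            attempts[m["ip"]].append((ts, m["user"]))
    flagged = {}
    for ip, events in attempts.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            users = {u for _, u in events[start:end + 1]}
            if len(users) >= min_users:
                flagged[ip] = sorted(users | set(flagged.get(ip, ())))
    return flagged
```

Repeated failures for a single account (198.51.100.20) and attempts spread over minutes (198.51.100.33) stay below the default thresholds; widening `window` trades fewer misses for more noise.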