Mirai does one, and only one thing in order to break into new devices: it cycles through a bunch of default username/password combinations over telnet, like “admin/admin” and “root/realtek”. For a laugh, “mother/fucker” is in there too.
Default credentials. Over telnet. That’s how you get hundreds of thousands of devices. The Morris worm from 1988 tried a dictionary password attack too, but only after its buffer overflow and sendmail backdoor exploits failed.
Oh, and Morris’ password dictionary was larger, too.
.. Around the world, we spend $75 billion a year on information security. And for what, when we keep getting such basic things wrong? Suppose I waved a magic wand and cut the worldwide security budget in half. Would things really be that much worse? The security industry is addicted to selling expensive complicated products instead of doing the basics well.
.. But, right now, the vast majority of threats can be thwarted by the basics:
- Keep your systems patched
- Keep your systems properly configured.
- Make sure you have strong passwords and two factor authentication.
.. The major botnet of 2016 is simpler than the botnet of 1988.