Logs from these honeypots provide an insight into what opportunistic scanners are using in order to test – and likely compromise – internet-connected point-of-sale (PoS) systems, kiosks, and compromised desktop PCs which offer the Remote Desktop Protocol (RDP) service for remote management.
The study, which focused on retail terminals, pulled out statistics on the frequency and source of opportunistic attacks, as well as the top attempted passwords and usernames. The overlap between these chosen credentials and published password dumps collected from breach data was also highlighted.
Instead of old favourites such as “12345” and “password” on the user side, credentials such as “x”, “St@rt123”, “P@ssw0rd” and “admin” appeared in the top 10 of password guessing attempts. Usernames of “administrator”, “admin” and “pos” were among the most frequently guessed in the hi-tech doorknob-rattling by hackers.
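The kind of tally the study describes (attempt frequency by source, top usernames and passwords, and overlap with breach wordlists) can be reproduced over any honeypot's login log. The following is an added example, not code from the study: the log line format, the sample lines and the breach wordlist are all constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in an assumed honeypot log format (not from the study).
SAMPLE_LOG = """\
2017-01-10T03:14:07Z src=203.0.113.5 user=administrator pass=P@ssw0rd
2017-01-10T03:14:09Z src=203.0.113.5 user=administrator pass=x
2017-01-10T03:15:41Z src=198.51.100.23 user=pos pass=St@rt123
2017-01-10T03:16:02Z src=198.51.100.23 user=admin pass=admin
2017-01-10T04:01:55Z src=192.0.2.77 user=Admin pass=P@ssw0rd
2017-01-10T04:02:10Z src=192.0.2.77 user=pos pass=pos
malformed line that the parser must skip
"""

# Constructed stand-in for a published breach wordlist.
BREACH_WORDLIST = {"P@ssw0rd", "admin", "12345", "password"}

# The password is captured to end of line because guesses may contain spaces.
LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S*) pass=(?P<pw>.*)$")

def parse(log_text):
    """Yield (source, username, password) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            # Windows usernames are case-insensitive; passwords are not.
            yield m["src"], m["user"].lower(), m["pw"]

def summarise(log_text, breach_words, top_n=3):
    """Tally sources, usernames and passwords, plus breach-list overlap."""
    attempts = list(parse(log_text))
    passwords = Counter(pw for _, _, pw in attempts)
    in_breach = sum(n for pw, n in passwords.items() if pw in breach_words)
    return {
        "attempts": len(attempts),
        "top_sources": Counter(s for s, _, _ in attempts).most_common(top_n),
        "top_usernames": Counter(u for _, u, _ in attempts).most_common(top_n),
        "top_passwords": passwords.most_common(top_n),
        # Share of guesses whose password also appears in the breach wordlist.
        "breach_overlap": in_breach / len(attempts) if attempts else 0.0,
    }

if __name__ == "__main__":
    for key, value in summarise(SAMPLE_LOG, BREACH_WORDLIST).items():
        print(f"{key}: {value}")
```

Running the same summary against an organisation's own RDP-facing hosts shows whether any account name or password in use appears among the most frequently guessed values.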