Finnish cybersecurity firm F-Secure released its Attack Landscape H2 2019 report and in it, included some of the first passwords that hackers use when try to hack a device.

The company has a set of 'honeypot' or decoy servers set up in countries around the world to detect patterns in cyberattacks. The vast majority of traffic to the servers is a result of their discovery during scans of the internet by hackers looking for devices to access.

The company said it has seen a significant increase in the traffic to these honeypots in the second half of last year. It said the rise in 'attack traffic' reflects the increasing number of threats to Internet of Things (IoT) devices.

"Honeypot traffic was driven by action aimed at the SMB and Telnet protocols, indicating continued attacker interest in the Eternal Blue vulnerability as well as plenty of infected IoT devices," the report says.

"A great way to see what attackers are interested in is to check out the list of passwords they use," the report says.

Some of the passwords out on their list included:

  1. admin
  2. vizxv
  3. default
  4. 1001chin
  5. sh
  6. taZz@23495859
  7. 12345
  8. password
  9. ttnet
  10. root
"Brute forcing factory default usernames and passwords of IoT devices continues to be an effective method for recruiting these devices into botnets that can be used in DDoS attacks," the report notes.