The Atlantic's Andrew McGill set up a virtual server on Amazon's cloud that presented to the internet as a crappy, insecure Internet of Things toaster; 41 minutes later, a hacked IoT device connected to it and tried to hack it. Within a day, the "toaster" had been hacked more than 300 times.
I'll admit this volume of attacks might not be typical. I hosted my fake toaster on a virtual Amazon server, not an actual toaster hooked up to residential internet. Hackers aren't typing these passwords themselves—they've programmed bots to do the hard work for them, scanning through thousands of open ports an hour. And I'd bet those scripts are trawling Amazon's range of IP addresses more frequently in hopes of hacking vulnerable rookies. (If that has happened to me without my knowledge, I am very sorry and please don't hurt me.) But my experience matches what security firms have seen. It is now within the capability of hackers to literally scan the entire internet, looking for vulnerable servers with open ports. And every hacked computer adds another recruit to the search effort, shortening the time required geometrically.
The Inevitability of Being Hacked
[Andrew McGill/The Atlantic]