This paper summarizes a year\u2019s worth of credential scanning data collected from Heisenberg (Breaking Bad fan’s anyone?), Rapid7\u2019s public-facing network of low-interaction honeypots. Instead of focusing on the passwords that end users typically pick, this data contains what opportunistic scanners are using in order to test\u2014 and likely compromise\u2014 Internet connected point of sale (POS) systems, kiosks, and scamware-compromised desktop PCs which offer the Remote Desktop Protocol (RDP) service for remote management.\u00a0Heisenberg honeypots are custom-engineered, low-interaction honeypots that are distributed geographically across several regions. There’s a lot of interesting statistics in this paper such as the frequency of scans from certain geographical areas, the most common usernames and passwords used in scans against the honeypots, and how these usernames passwords are associated with each other in the attack. The surprising detail uncovered was just how weak the passwords were (the most common username and password combination used was username: administrator – password: x).\u00a0Since these passwords were deliberately chosen by the various scanners which ran up against Heisenberg, it implies that the default and common passwords to several POS and kiosk systems are chosen out of convenience, rather than security. Sobering stuff!<\/p>\n