Akamai warns that attackers are compromising IOT devices and using them as proxies to test stolen credentials against web-based applications. The tactic is known as credential stuffing, which is similar to brute-force attacks in their automation and thirst for verifying the validity of the stolen passwords. The company estimates that at least two million IOT and networking devices have been compromised and are being used as proxies in these credential-stuffing attacks. The attacks are not out of the realm of possibility, according to the company.
Source: https://threatpost.com/old-ssh-vulnerability-at-center-of-credential-stuffing-attacks/121266/