Winning the lottery becomes feasible when you fill your tickets out by the truckload. It's quite doable to hit everything with your dictionary and sure enough you'll catch a bunch of boxes with laughable passwords in your dragnet.
These days it's mostly random IoT devices that come with preconfigured ssh service and known passwords.
More interesting might be the fact that there's a strong chance that any successfully hit host is already compromised because you're just one of a myriad people doing this exact thing. In a way it's comparable to overfishing.
edit:
If you run a honeypot/net you can watch those scripts poking around to check if a competitor has already left his mark and will then try to remove his access. There's a fast paced arms race going on in that regard.
As an experiment I put up an in-memory server at a random IP, with a root password that was in the dictionary.
It was infected within an hour, and by multiple attackers.
It also reminds me about how there was a time when it was impossible to install XP - you needed internet access to get the latest patches, but by the time you downloaded them you were already infected.
Judging by the logs they’re mostly going after low-hanging fruit - Wordpress and similar software with default username and password . They probably get quite a few hits.
These days it's mostly random IoT devices that come with preconfigured ssh service and known passwords.
More interesting might be the fact that there's a strong chance that any successfully hit host is already compromised because you're just one of a myriad people doing this exact thing. In a way it's comparable to overfishing.
edit: If you run a honeypot/net you can watch those scripts poking around to check if a competitor has already left his mark and will then try to remove his access. There's a fast paced arms race going on in that regard.