Skip to main content

Giant CCTV Camera Botnet Highlights IoT Security Threats



Researchers have uncovered an unusual botnet made up entirely of Internet-connected CCTV cameras, in the latest sign of the security risks posed by the “Internet of Things” (IoT).
The incident recalls a similar case last autumn in which a computer security firm found that a botnet made up of 900 CCTV cameras was launching an attack on an unnamed cloud services provider.



Giant botnet

IBM
But in this case the attack network was much larger, launching malicious data from more than 25,000 unique Internet addresses, according to computer security firm Sucuri.
The attack came to light when Sucuri was contracted to protect the website of a bricks-and-mortar jewellery shop that had been knocked offline by a denial-of-service attack, according to Daniel Cid, founder and chief techology officer of the company.

After Sucuri had blocked the attack, they found that instead of giving up, the attackers increased the intensity of the barrage from 35,000 HTTP requests per second to 50,000 requests per second, Cid said in an advisory.

“Since this type of long-duration DDoS is not so common, we decided to dive into what the attackers were doing, and to our surprise, they were leveraging only IoT CCTV devices as the source of their attack botnet,” he wrote.
He said it was the first time the firm had come across an entirely CCTV-based botnet of that scale.

Worldwide distribution

Sucuri found that at least 25,500 devices were being used to launch the attack, with 24 percent located physically in Taiwan, followed by the US with 12 percent, Indonesia with 9 percent, Mexico with 8 percent and Malaysia with 6 percent.
The devices were located across a total of 95 countries, and all were based on BusyBox, a Unix utilities package that often runs on embedded devices, Cid said.

Sucuri said it is contacting the network providers hosting the devices’ Internet addresses to help fix the issue, but botnets are notoriously difficult to dismantle due to their diffuseness.
“If you are an online camera user or vendor, please make sure it is fully patched and isolated from the Internet,” he wrote.
Last autumn computer security firm Incapsula said it had seen a 240 percent increase in malicious traffic on its network in March of 2014, most of it originating from compromised CCTV cameras.

Security camera risk

Online surveillance © - Fotolia.comInternet-connected CCTV cameras are one of the most vulnerable IoT devices, according to Incapsula, due in part to the large number deployed.
About 245 million professionally installed surveillance cameras were operating worldwide last year, according to figures from research firm IHS Technology, but Incapsula estimated there are “millions” more that have been set up on an ad-hoc basis.

Research firm IDC anticipates there will be more than 28 billion IoT devices installed by 2020.
Incapsula said last October it had found a CCTV-based botnet made up of about 900 devices that were being used to launch denial-of-service attacks, all of which were, like the network found by Sucuri, running BusyBox.

Incapsula found that the devices had been easy to hack because they had all used the factory default login credentials. The lack of security meant, unsurprisingly, that the devices involved had, in almost every case, been hacked by several different individuals.

The cameras involved were spread around the world, with particularly large numbers from India (169), Latin America and Eastern Europe. By coincidence, one of the infected devices was located at a shop five minutes from Incapsula’s Tel Aviv offices, the company said .

“We were able to meet with the store owners, show them how their CCTV cameras were abused to attack our clients and help them clean the malware from the infected camera’s hard drive,” wrote Incapsula’s researchers at the time. “As we did, we witnessed it coughing out attacking requests up to the very last moment.”
A study released last year found that up to 68 percent of IT professionals believe business efficiency requirements are forcing their organisations to adopt IoT devices in spite of the security risks.

Comments

Popular posts from this blog

US Demands Immediate End To South Sudan Fighting

The United States demanded an immediate end to renewed fighting in the capital of South Sudan on Sunday, ordering all non-essential personnel out of the troubled country. "The United States strongly condemns the latest outbreak of fighting in Juba today between forces aligned with President Salva Kiir Mayardit and those aligned with First Vice President Riek Machar Teny, including reports we have that civilian sites may have been attacked," State Department spokesman John Kirby said in a statement.

Canada Police Thwart Potential Attack,Suspect Shot Dead

Canadian police shot dead an alleged Islamic State sympathizer who was about to activate an explosive device in Ontario late on Wednesday, media reports said as police confirmed thwarting a “potential terror threat”. There was no immediate confirmation from Canada’s federal police that anyone had been shot, with a statement saying only that a suspect had been identified and that they had taken “action” after receiving “credible information” about a potential attack. “Earlier today, the RCMP received credible information of a potential terrorist threat. A suspect was identified and the proper course of action has been taken to ensure that there is no danger to the public’s safety,” the Royal Canadian Mounted Police (RCMP) said in a statement. They did not say where the incident took place. Media reports said the suspect was a 24-year-old man who had been arrested in 2015 for expressing support for the Islamic State group in postings on social media. He had been released in February ...

Lafarge Africa Posts N30bn Drop In Half-Year Profit

Lafarge Africa Plc, a leading cement and building solutions provider, yesterday announced a loss of N30.1 billion for the half year ended June 30, 2016, compared with a profit after tax of N27.3billion in the corresponding period of 2014.