Sucuri researchers say a botnet of 25,000+ hacked CCTV cameras is being used to launch DDoS attacks
A botnet made up of more than 25,000 hacked security cameras spread around the world is being used to launch DDoS attacks, researchers say. The unusual botnet is made up entirely of Internet-connected CCTV cameras, in the latest sign of the security risks posed by the “Internet of Things” (IoT).
The botnet, consisting of thousands of closed-circuit television (CCTV) devices, launched distributed denial-of-service (DDoS) attacks. The attack came to light when Sucuri was contracted to protect the website of a bricks-and-mortar jewelry shop that had been knocked offline by a denial-of-service attack.
Daniel Cid, CTO of Sucuri Security, explains that a small jewelry shop recently signed up with his company. At the time, the new customer was experiencing a DDoS attack that had knocked it offline for a few days. Sucuri quickly identified the campaign as a layer 7 attack (HTTP flood) consisting of around 35,000 requests per second (RPS). The security firm then mitigated the attack.
In a normal situation, the attack mitigation should have been the end of the story. But it wasn’t. After the site came back up, the attackers renewed the DDoS attack, this time launching an HTTP flood that generated 50,000 RPS. The attack continued for several days. The security team took a deeper look into the attack and found that the attackers were using Internet of Things (IoT) CCTV devices to target the jewelry shop.
New attack vector that we should get used to seeing?
“It is not new that attackers have been using IoT devices to start their DDoS campaigns, however, we have not analyzed one that leveraged only CCTV devices and was still able to generate this quantity of requests for so long. As we extracted the geo-location from the IP addresses generating the DDoS, we noticed that they were coming from all over the world, different countries and networks. A total of 25,513 unique IP addresses came within a couple of hours.”
About a quarter (24%) of the requests originated from devices located in Taiwan, with traffic also coming from the United States (12%) and Indonesia (9%). It was unclear how all of these CCTV devices were infected.
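As an added illustration (not Sucuri's tooling and not code from the original article), the two figures the report relies on, peak requests per second and the number of unique source IPs, can be derived from a web server access log as follows. The log format, the threshold, and the sample lines are assumptions constructed for the example.

```python
import re
from collections import Counter
from datetime import datetime

# Common/combined log format prefix: IP, identity, user, [timestamp], "METHOD path"
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')

def parse(line):
    """Return (ip, epoch_second, path), or None for a malformed line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return m.group(1), int(ts.timestamp()), m.group(4)

def flood_profile(lines, rps_threshold=5):
    """Summarise traffic by peak RPS and unique sources (threshold is an assumption)."""
    per_second, per_ip = Counter(), Counter()
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # skip garbage rather than abort the analysis
        ip, sec, _path = rec
        per_second[sec] += 1
        per_ip[ip] += 1
    total = sum(per_ip.values())
    peak = max(per_second.values(), default=0)
    top_share = max(per_ip.values(), default=0) / total if total else 0.0
    return {
        "requests": total,
        "peak_rps": peak,
        "unique_ips": len(per_ip),
        "top_ip_share": round(top_share, 2),
        # High rate with no dominant source: per-IP rate limiting alone will not stop it.
        "distributed_flood": peak >= rps_threshold and top_share < 0.5,
    }

# Constructed sample: one ordinary request, one malformed line, then six requests
# in the same second from six different documentation-range addresses.
SAMPLE = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /about HTTP/1.1" 200 512',
    "not a log line",
] + [
    f'203.0.113.{i} - - [01/Jan/2024:10:00:05 +0000] "GET / HTTP/1.1" 200 1024'
    for i in range(1, 7)
]

if __name__ == "__main__":
    print(flood_profile(SAMPLE))
```

A low `top_ip_share` combined with a high `peak_rps` is the pattern described in the report: many sources, each contributing a small part of the load.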
Security camera risk
Internet-connected CCTV cameras are one of the most vulnerable IoT devices, according to Incapsula, due in part to the large number deployed. About 245 million professionally installed surveillance cameras were operating worldwide last year, according to figures from research firm IHS Technology, but Incapsula estimated there are “millions” more that have been set up on an ad-hoc basis.
They found that the devices had been easy to hack because they had all used the factory default login credentials. The lack of security meant, unsurprisingly, that the devices involved had, in almost every case, been hacked by several different individuals.
Even so, a study released last year found that up to 68 percent of IT professionals believe business efficiency requirements are forcing their organizations to adopt IoT devices in spite of the security risks.
Companies can do little to protect themselves against camera botnet attacks aside from having DDoS mitigation technologies in place. However, individuals can help prevent these types of attacks from occurring in the first place:
As a defensive measure, online camera users and vendors should make sure the camera is fully patched and isolated from the internet. The same applies to any device that has Internet access (from DNS resolvers to NTP servers, and so on): it should be fully patched and isolated from the internet.
News of this attack comes several months after another security firm spotted a botnet of 900 CCTV cameras engaging in DDoS attacks against an unnamed cloud services provider.