Gary Wynn 2016-06-28

A massive network of hacked CCTV cameras is being used to bring down computers around the world, we're told.

The shop's website was flooded offline after drowning in 35,000 junk HTTP requests per second.

"As we extracted the geo-location from the IP addresses generating the DDoS, we noticed that they were coming from all over the world, different countries and networks.

Around a quarter of the remote-controlled malware-infected cameras were located in Taiwan, with another 12 per cent in the US and just under 10 per cent in Indonesia.

The remote-code execution vulnerability was discovered in March; sadly, CCTVs aren't high on the patching priority list of most admins.

There's not a lot victims can do to avoid this botnet other than buying more internet-facing bandwidth or putting their servers behind large anti-DDoS services.

Julian Dunkelberger 2016-06-28

The researchers with security firm Sucuri came across the malicious network while defending a small brick-and-mortar jewelry shop against a distributed denial-of-service attack.

"It is not new that attackers have been using IoT devices to start their DDoS campaigns," Sucuri CTO and founder Daniel Cid wrote in a blog post, using the abbreviation for Internet of things.

The researchers later found the malicious IPs contained the company logos of resellers of CCTV services and that all the devices were running BusyBox, a collection of Unix-based utility tools that run on embedded devices.

To make it harder to block the attack, the malicious devices had been programmed to emulate normal browser behavior by displaying a variety of common user agents, such as those associated with the Chrome, Internet Explorer, and Safari browsers.

The hacked devices also displayed "referrers" falsely showing they had most recently visited sites including Engadget, Google, and USA Today.

Cid speculated they were hacked by exploiting a recently disclosed vulnerability that allows remote code execution on digital video recorders from 70 different manufacturers, but so far this theory hasn't been confirmed.

Jose Wenger 2016-06-28

One such attack, recently observed by researchers from Web security firm Sucuri, targeted the website of one of the company's customers: a small bricks-and-mortar jewelry shop.

Around half of the devices displayed a generic H.264 DVR logo on the page, while others had more specific branding such as ProvisionISR, QSee, QuesTek, TechnoMate, LCT CCTV, Capture CCTV, Elvox, Novus, and MagTec CCTV.

The botnet seems to have a global distribution, but the countries with the largest number of compromised devices are Taiwan (24 percent), the U.S. (16 percent), Indonesia (9 percent), Mexico (8 percent), Malaysia (6 percent), Israel (5 percent), and Italy (5 percent).

Back in March, a security researcher found a remote code execution vulnerability in DVRs from more than 70 vendors.

Back in October, security vendor Imperva reported seeing DDoS attacks launched from a botnet of 900 CCTV cameras running embedded versions of Linux and the BusyBox toolkit.

If remote management or monitoring is needed, users should consider deploying a VPN (virtual private network) solution that allows them to connect inside the local network first and then to access their DVR.
