UPDATED 00:31 EST / JUNE 28 2016

Big Brother is DDoSing you: Botnet running on 25,000+ CCTV cameras discovered

What if you were to discover that CCTV cameras, the face of Big Brother in 2016, were under the control of hackers and were being used to bring down websites in Distributed Denial of Service (DDoS) attacks?

That Orwellian nightmare is actually now true, with a security firm discovering a network of over 25,000 CCTV cameras doing exactly that.

Sucuri, Inc. made the discovery while investigating an attack against an ordinary jewelry store that was knocked offline after receiving a sustained 35,000 junk HTTP requests per second over a number of days. When Sucuri attempted to thwart the attack, the botnet upped its output and dumped more than 50,000 HTTP requests per second on the store’s website.

“Since this type of long-duration DDoS is not so common, we decided to dive into what the attackers were doing, and to our surprise, they were leveraging only IoT (Internet of Things) CCTV devices as the source of their attack botnet,” the company said in a blog post.

Researchers at Sucuri queried a number of the boxes participating in the DDoS attack and found that all of them were running a “Cross Web Server” that had a default web page called “DVR Components.” Further investigation found that the malicious IPs also contained the company logos of resellers of CCTV services. The common thread was that all the devices were running a Unix-based set of utility tools called BusyBox.

To hide their identities, the malicious devices cloaked themselves to appear as if they were common user agents such as web browsers, and also displayed false referral data showing they’d most recently come from sites including Google and USA Today.

Infected CCTV installs were found in 104 countries, with Taiwan topping the list with 24 percent of IP addresses, followed by the United States with 12 percent, Indonesia with 9 percent, Mexico with 9 percent and Malaysia with 6 percent.

Fix

Sucuri said there was nothing website owners could do to get the 25,000+ CCTVs fixed and protected. However, the company does encourage online camera users or vendors to make sure their systems are fully patched and isolated from the internet.

“We are in the process of reaching out to the networks that have these unprotected and compromised cameras, but that’s just one small piece of the problem,” the company noted. “Once the cameras are patched, the attackers will find other easily hacked devices for their botnets.”
