Approximately 900 CCTV cameras have been enlisted as slaves in a botnet thanks to default credentials.
CCTV cameras have become slaves in a global botnet used to disrupt online services, researchers have discovered.
In recent years, we have seen refrigerators hacked, Jeeps controlled remotely by attackers while the driver is left helpless, and everything from baby monitors to routers criticized for weak security, which places our Internet of Things (IoT) devices, and our personal privacy and security, at risk.
There are approximately 242 million surveillance cameras in use all over the world -- counting only those which have been professionally installed and logged. Unfortunately, if default settings are left in place and the cameras are not properly configured, they can become an easy target for hackers setting up botnets -- networks of slave systems which can flood the web with traffic at the direction of a master controller device, resulting in a denial of service for legitimate traffic.
CCTV cameras are a common element of IoT-based botnets. Security researchers discovered a 250 percent surge in botnet activity across the firm's network -- and much of this uptick was laid at the feet of enslaved surveillance cameras across the globe.
Now, a fresh attack has emerged to disrupt online services. While investigating an HTTP GET flood -- a type of distributed denial-of-service (DDoS) campaign -- which peaked at around 20,000-30,000 requests per second, the researchers found that many of the attacking IPs belonged to CCTV cameras.
Traffic was able to surge through these connected devices because installers failed to change the default usernames and passwords, a step needed to protect the cameras from cyber-attacks.
All of the compromised devices were running BusyBox software, a lightweight Unix utility bundle designed for systems with limited resources. Once an attacker gained access to a CCTV device through the default credentials, they installed a variation of the ELF malware, a type of malicious code which scans for network devices running BusyBox.
If devices are discovered, the malware then searches for open Telnet and SSH services which are susceptible to brute-force dictionary attacks. This particular variant was also able to launch DDoS attacks.
The compromised cameras that were monitored had been logged in to from multiple locations in almost every case -- a sign that they were likely hacked by several different individuals.
This shows how easy it is to locate and exploit such unsecured CCTV devices.
A simple way to prevent cyber attackers from gaining access to these cameras is to change the default credentials, i.e. the usernames and passwords associated with the devices.
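As an added example (not from the original article or the researchers), here is one way a defender could extract the peak request rate and the list of flooding source IPs from a web server access log during an HTTP GET flood like the one described above. The log format, window, threshold and sample lines are assumptions, and the IPs are constructed documentation addresses.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime

# Common/combined log format: ip, two ids, [timestamp], "METHOD path ..."
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) \S+[^"]*" \d{3}')
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse(line):
    """Return (ip, timestamp, method), or None if the line does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        return m.group(1), datetime.strptime(m.group(2), TS_FMT), m.group(3)
    except ValueError:
        return None

def analyze(lines, window_s=10, per_ip_limit=20):
    """Return (peak GETs per second, {ip: largest GET count in one window})
    for sources exceeding per_ip_limit. Lines must be in time order."""
    per_second = Counter()
    recent = defaultdict(deque)        # ip -> GET timestamps still in window
    flagged = {}
    for ip, ts, method in filter(None, map(parse, lines)):
        if method != "GET":
            continue
        per_second[ts] += 1
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() >= window_s:
            q.popleft()                # drop requests older than the window
        if len(q) > per_ip_limit:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return max(per_second.values(), default=0), flagged

def sample_log():
    """Constructed input: two flooding sources, one ordinary visitor."""
    lines = ["not a log line"]
    for sec in range(5):
        stamp = f"01/Jan/2024:10:00:{sec:02d} +0000"
        for ip, n in (("203.0.113.10", 8), ("198.51.100.7", 6), ("192.0.2.55", 1)):
            lines += [f'{ip} - - [{stamp}] "GET / HTTP/1.1" 200 512'] * n
    return lines

if __name__ == "__main__":
    peak, flagged = analyze(sample_log())
    print("peak GET/s:", peak)
    for ip, count in sorted(flagged.items(), key=lambda kv: -kv[1]):
        print(f"{ip}: {count} GETs within 10 s")
```

Flagged addresses can then be compared against an inventory of known cameras or other embedded devices to see whether the traffic comes from IoT hardware.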