Number: IRCNE2015102675
Date: 2015/10/25
According to “zdnet”, over 900 CCTV cameras have become slaves in a global botnet used to disrupt online services, researchers have discovered. According to Incapsula's research team, CCTV cameras are a common element of IoT-based botnets.
Now, a fresh attack is poised to disrupt online services. First discovered when investigating a HTTP Get Flood attack -- a type of distributed denial-of-service (DDoS) campaign -- which peaked at around 20,000 requests per second, the researchers found that within the list of attacking IPs, many of them belonging to CCTV cameras.
All of the compromised devices were running BusyBox, a lightweight Unix utility bundle designed for systems with limited resources. Once an attacker gained access to a camera through the default credentials, they installed a variation of the ELF Bashlite malware, a type of malicious code which scans for network devices running BusyBox.
If devices are discovered, the malware then searches for open Telnet/SSH services which are susceptible to brute force dictionary attacks. This particular variant, however, was also equipped with the power to launch DDoS attacks.
A simple method to prevent hackers from gaining access to these cameras is to change the default username and passwords associated with your devices.
- 8