A 25,000+ CCTV Botnet Army is Launching DDoS Attacks
Over 25,000 digital video recorders and CCTV cameras have been compromised by attackers who are using the devices to launch distributed denial-of-service (DDoS) attacks targeting websites.
Cybersecurity firm Sucuri has revealed details of a curious case of a DDoS attack, one which targeted “a small brick and mortar jewelry shop”. The attack saw some 35,000 HTTP requests per second, clearly overwhelming for a small shop. The cybersecurity firm was able to mitigate the attack for its jewelry store client. Simple enough, so far.
The attackers came back, however, and were soon flooding the targeted domain with 50,000 HTTP requests per second. The attacks were unrelenting for hours and then stretched on over several days.
It’s an uncommon attack, if only for its prolonged attack cycle, and the cybersecurity sleuths at Sucuri went digging.
Soon enough, they discovered that the attackers had leveraged internet-connected CCTV devices, part of the Internet of Things, as the collective source of the DDoS attacks.
Sucuri researchers also proceeded to geolocate the IP addresses taking part in the DDoS attack. The IPs were scattered all around the world, across different countries and networks. Notably, a total of 25,513 unique IP addresses turned up in under a couple of hours.
In a blog post, Sucuri revealed the countries with the most compromised CCTV devices.
“The source of the attack concentrated in Taiwan, with 24% of the IP address, followed by the USA with 12%, Indonesia with 9%, Mexico with 8% and Malaysia with 6%,” researchers stated.
Although this is unconfirmed, a remote code execution vulnerability revealed in March could be the security hole exploited by the hackers behind the attack.
As things stand, the unfortunate reality is that there isn’t much that the owners of CCTVs can do. This is because most manufacturers seldom release patches despite being aware of vulnerabilities.
Sucuri researchers warned:
“We are in the process of reaching out to the networks that have these unprotected and compromised cameras, but that’s just one small piece of the problem. Once the cameras are patched, the attackers will find other easily hacked devices for their botnets.”