CCTV Botnets Make DDoS Attacks

Recent reports showed that attackers are leveraging the vulnerability of CCTV for distributed denial-of-service (DDoS) attacks.

Octave Klaba, founder and CTO of OVH, reported via his Twitter account that for days, OVH became victim to multiple DDoS attacks.

“Last days, we got lot of huge DDoS. Here, the list of “bigger that 100Gbps” only. You can see the simultaneous DDoS are close to 1Tbps!” the founder and CTO of OVH tweeted.

According to Klaba, the DDoS attackers used an internet of things (IoT) botnet with 145,607 compromised CCTV security cameras.

“This botnet with 145607 cameras/dvr (1-30Mbps per IP) is able to send >1.5Tbps DDoS,” the CTO of OVH tweeted.

Klaba, who reported the breach on September 22 to 23 this year, said that the severest single attack reached 93 MMps and 799 Gbps.

The attack on OVH is the largest known DDoS offensive, according to Pierluigi Paganini of Security Affairs.

Two days before the DDoS attack on OVH, cybercrime journalist Brian Krebs reported that his website came under DDoS attack. During the attack, the traffic on KrebsOnSecurity reached 620 Gbps in size.

“There are some indications that this attack was launched with the help of a botnet that has enslaved a large number of hacked so-called “Internet of Things,” (IoT) devices — routers, IP cameras and digital video recorders (DVRs) that are exposed to the Internet and protected with weak or hard-coded passwords,” Krebs wrote on his website.

Both OVH and survived the DDoS attacks.

In June this year, cyber security company Sucuri reported that one of its clients, a small brick and mortar jewelry shop, came under DDoS attack for days.

The DDoS attack on the jewelry shop peaked to almost 50,000 HTTP requests per second. Only a few servers can handle 50,000 plus requests per second, according to Sucuri.

When security experts at Sucuri delved into the problem, they found that the DDoS attack utilized 25,000 CCTV security cameras around the world.

Out of the 25,000 CCTVs, according to Sucuri, 75% have IP address from Taiwan, USA, Indonesia, Mexico, Malaysia, Israel, Italy, Vietnam, France and Spain; while 25% were scattered in another 95 countries.

Why Attackers Choose CCTVs

In a blog post entitled “Attack of Things” published on Level 3 Communication website, researchers at Level 3 Threat Research Labs said that CCTV or security camera DVRs are currently favored by DDoS attackers.

Researchers at Level 3 Threat Research Labs wrote:

These devices often come configured with telnet and web interfaces enabled, allowing users to configure the devices and view their security footage over the internet. Unfortunately, many are left configured with default credentials, making them low-hanging fruit for bot herders. Most of these devices run some flavor of embedded Linux. When combined with the bandwidth required to stream video, they provide a potent class of DDoS bots.

Based on the 2015 “Worldwide Infrastructure Security Report,” researchers from Arbor Networks, the cyber security division of NETSCOUT, reported that the largest attack reported by a respondent in 2015 was 500 Gbps.

According to Arbor Networks, DDoS attacks against users remain the most common cybersecurity threat. Two-thirds of the respondents of the Arbor Networks’ report estimate that the cost of internet downtime was per minute.

Featured image from Shutterstock.