Menu
Attackers hijack CCTV cameras and network-attached storage devices to launch DDoS attacks

Attackers hijack CCTV cameras and network-attached storage devices to launch DDoS attacks

Default and weak credentials on embedded devices can lead to powerful botnets

We've reached a point that security researchers have long warned is coming: insecure embedded devices connected to the Internet are routinely being hacked and used in attacks.

The latest example is a distributed denial-of-service (DDoS) attack detected recently by security firm Imperva. It was a traditional HTTP flood aimed at overloading a resource on a cloud service, but the malicious requests came from surveillance cameras protecting businesses around the world instead of a typical computer botnet.

The attack peaked at 20,000 requests per second and originated from around 900 closed-circuit television (CCTV) cameras running embedded versions of Linux and the BusyBox toolkit, researchers from Imperva's Incapsula team said in a blog post Wednesday.

When analyzing one of the hijacked cameras that happened to be located in a store close to the team's office, the researchers found that it was infected with a variant of a known malware program designed for ARM versions of Linux that's known as Bashlite, Lightaidra or GayFgt.

While infecting computers with malware these days requires software exploits and social engineering, compromising the CCTV cameras that were used in this attack was very easy as they were all accessible over the Internet via Telnet or SSH with default or weak credentials.

Insecure out-of-the-box configurations are a common issue in the embedded device world and have been for a long time. In 2013, an anonymous researcher hijacked 420,000 Internet-accessible embedded devices that had default or no login passwords and used them in an experiment to map the whole Internet.

However, the problem is getting worse. The push by device manufacturers to connect things such as fridges or "smart" light bulbs to the Internet is largely done without consideration for security implications or an overhaul of outdated practices. As a result, the number of easily hackable embedded devices is growing fast.

Shortly after the CCTV camera-based attack was mitigated, a separate DDoS attack was detected that originated from a botnet of network-attached storage (NAS) devices, the Imperva researchers said. "And yes, you guessed it, those were also compromised by brute-force dictionary attacks."


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Featured

Slideshows

Reseller News Innovation Awards 2018: meet the top performing partners

Reseller News Innovation Awards 2018: meet the top performing partners

Reseller News honoured the industry’s finest on a standout evening for the New Zealand channel, recognising the achievements of established partners, emerging players and innovative start-ups, in front of over 460 technology leaders in Auckland.

Reseller News Innovation Awards 2018: meet the top performing partners
Champagne Reception kicks off Reseller News Innovation Awards 2018

Champagne Reception kicks off Reseller News Innovation Awards 2018

More than 460 channel leaders came together to toast the top performers of the New Zealand industry, during the opening Champagne Reception at the Reseller News Innovation Awards 2018 - in association with Techbuyer.

Champagne Reception kicks off Reseller News Innovation Awards 2018
Show Comments