New security research released by Incapsula has revealed that hundreds of surveillance cameras are being used as part of botnets to cause massive disruption of Internet services.
The findings lead to the conclusion that cyber attackers have an easier time hacking surveillance cameras that are left in their default settings, that is, the configuration set at the factory. Users are supposed to change the default configuration, but the researchers found that this step is disregarded for most surveillance cameras purchased worldwide.
Cyber criminals add these surveillance cameras to their fleets of botnets, which they use to spread attacks and carry out other malicious activity online. These botnets are what cause denial-of-service attacks, which interrupt online services and, to a certain degree, take down websites by driving a huge volume of traffic to the targeted site.
Surveillance cameras are now easier than ever to target because they are connected to what is casually called the Internet of Things (IoT), a universe of connected devices and appliances. Since these types of cameras are a component of botnets that rely on IoT, it is not surprising that CCTVs were the major contributors to the sharp worldwide increase in botnet activity in 2014.
The Incapsula team accidentally discovered that most of the IPs used to launch online service disruptions in the past year belong to surveillance cameras. There was a remarkable increase in traffic through these connected cameras, due largely to factory-set configurations that cyber crooks easily exploited.
The BusyBox Unix utility bundle was found on all of the compromised cameras. A piece of malware was then used to scan network devices, since that malware only works on cameras that have BusyBox installed.
Once the malware has discovered a device, it goes on to look for Telnet services that can be brute-forced. From there, a DDoS attack can be launched.
The researchers can confirm that the cameras have been conscripted into botnets because the cameras were logged into from various locations, which further demonstrates that cyber attackers can now easily locate and target surveillance cameras whenever they want and wherever the cameras are.
For now, the only way to at least reduce the severity of these botnets is to change the factory settings of surveillance cameras so that hackers cannot gain access to the devices. For example, some CCTVs come with a default username and password. These credentials must be changed for security.
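The two signs described above, a Telnet login that succeeds after repeated failures and a camera being logged into from several locations, can be checked for in device logs. The following is an added example, not code from Incapsula or the original article; the log format, field names, camera names and thresholds are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in a hypothetical camera Telnet log format;
# real devices log differently, so adapt LINE_RE to the actual source.
SAMPLE_LOG = """\
2015-10-20T02:11:01Z cam=lobby-01 telnet login FAILED user=root src=198.51.100.7
2015-10-20T02:11:02Z cam=lobby-01 telnet login FAILED user=admin src=198.51.100.7
2015-10-20T02:11:03Z cam=lobby-01 telnet login FAILED user=admin src=198.51.100.7
2015-10-20T02:11:04Z cam=lobby-01 telnet login OK user=admin src=198.51.100.7
2015-10-20T09:40:17Z cam=gate-02 telnet login FAILED user=admin src=10.0.0.5
2015-10-20T09:40:29Z cam=gate-02 telnet login OK user=admin src=10.0.0.5
2015-10-21T13:02:55Z cam=lobby-01 telnet login OK user=admin src=203.0.113.9
2015-10-22T21:37:40Z cam=lobby-01 telnet login OK user=admin src=192.0.2.44
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) cam=(?P<cam>\S+) telnet login (?P<result>FAILED|OK) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)

def audit_telnet_logins(log_text, fail_threshold=3, source_threshold=3):
    """Return {camera: [findings]} for brute-force and multi-source logins."""
    fails = defaultdict(int)       # (cam, src) -> failures since last success
    ok_sources = defaultdict(set)  # cam -> distinct sources that logged in
    findings = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue               # ignore lines in any other format
        cam, src = m["cam"], m["src"]
        if m["result"] == "FAILED":
            fails[(cam, src)] += 1
            continue
        ok_sources[cam].add(src)
        # A success right after many failures from one source suggests guessing.
        if fails[(cam, src)] >= fail_threshold:
            findings[cam].append(("bruteforce", src, fails[(cam, src)]))
        fails[(cam, src)] = 0
    for cam, sources in ok_sources.items():
        # Many distinct login sources on one camera matches the pattern above.
        if len(sources) >= source_threshold:
            findings[cam].append(("multi_source", len(sources)))
    return dict(findings)
```

With the default thresholds, only `lobby-01` is flagged; `gate-02`, where one mistyped password is followed by a successful login from a single source, is not.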