
CCTV Cameras Used To Attack Networks

September 7, 2016

Botnet attack sends web security experts around the world into tizzy

Attackers have been found using CCTV cameras to carry out distributed denial-of-service (DDoS) attacks against websites. Researchers recently uncovered one such case in which 25000 internet-connected CCTV cameras were used to carry out the attack.

The event came to the attention of researchers from the web security firm Sucuri, who have admitted to being left flummoxed by the intensity and speed of the attacks.

The probe further revealed that the botnet attack was launched from over 105 different locations around the world and that the botnet was delivering 50000 HTTP requests per second.

Sucuri researchers uncovered the trail of attacks while investigating a DDoS attack on a brick-and-mortar jewelry store.

Uniqueness of the attack

Sucuri explained in their report that although they come across many cases where DDoS attacks are conducted using IoT devices, this is the first time they have seen an attack leverage only IoT CCTV cameras, in such large numbers, to send such a vast number of HTTP requests for such a long time.

The attackers were initially sending 35000 requests per second using an HTTP flood attack. After Sucuri managed to contain the attack by switching the shop's DNS to their own network, they thought the attackers would leave the site alone and move on. However, they were wrong. As soon as the website was back live, the attacks grew in intensity and reached 50000 requests per second, which was far more than the website could handle. The attack also continued non-stop for days, which was the most unusual part.

Sucuri further said in their blog that 25513 unique IP addresses from 105 locations across the world were used to initiate an attack that was a variation of an HTTP flood and cache bypass attack. It was also noted that almost 5% of the IPs used were IPv6. Also, 46% of the security cameras used for the attacks had default H.264 DVR logos.

The sources of the CCTV botnet attack were compromised CCTV cameras in multiple areas. Most were found in Taiwan, followed by the US, Indonesia, Mexico and Malaysia, along with a few more countries that included Israel, France and Spain.

Sucuri believes it is possible that the attackers used a remote code execution (RCE) flaw in CCTV-DVR devices to launch these attacks. A separate research finding also reported that 45000 DVR/CCTV devices were found to use the same hardcoded root password, which made them more vulnerable to attacks. It is difficult to mitigate such attacks, but placing CCTV-DVRs inside a VPN or behind a firewall could make them a little more secure.
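The figures in this paragraph (request rate, unique source IPs, IPv6 share) are the kind a defender can pull from web server logs during such a flood. The following is an added example, not code from Sucuri or the original article; it assumes a simplified `<epoch_second> <client_ip> <request_target>` log format and assumes the cache-bypass traffic varies the query string, and the sample lines are constructed.

```python
import ipaddress
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines: "<epoch_second> <client_ip> <request_target>"
SAMPLE_LOG = """\
1467000000 203.0.113.10 /?a=8f3k2
1467000000 203.0.113.11 /?a=k29dx
1467000000 2001:db8::17 /?zz=19d
1467000000 198.51.100.7 /products
1467000001 203.0.113.10 /?a=p0q1w
1467000001 203.0.113.12 /?b=77aa1
1467000001 2001:db8::18 /?q=x9
1467000001 203.0.113.13 /?a=mm2
1467000001 198.51.100.7 /products
1467000002 203.0.113.11 /?c=1
"""

def summarize(log_text):
    """Return flood indicators for a log, or None if no line parses."""
    per_second, hits = Counter(), Counter()
    clients, queries = set(), {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        try:
            second, addr = int(parts[0]), ipaddress.ip_address(parts[1])
        except ValueError:
            continue  # bad timestamp or address
        url = urlsplit(parts[2])
        per_second[second] += 1
        clients.add(addr)
        hits[url.path] += 1
        if url.query:  # track distinct query strings per path
            queries.setdefault(url.path, set()).add(url.query)
    if not per_second:
        return None
    top_path, top_hits = hits.most_common(1)[0]
    v6 = sum(1 for a in clients if a.version == 6)
    return {
        "peak_rps": max(per_second.values()),
        "unique_ips": len(clients),
        "ipv6_share": v6 / len(clients),
        "top_path": top_path,
        # near 1.0: almost every hit on the path used a new query string
        "cache_bust_ratio": len(queries.get(top_path, ())) / top_hits,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

A high `cache_bust_ratio` on one path combined with a large `unique_ips` count is the pattern to alert on; a few clients repeating identical requests would instead be served from cache.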
