25,000 malware-riddled CCTV cameras form network-crashing botnet
Watching us and borking you
A massive network of hacked CCTV cameras is being used to bring down computers around the world, we're told.
The unusual 25,000-strong botnet was apparently spotted by US security outfit Sucuri when it investigated an online assault against an ordinary jewelry store.
The shop's website was flooded offline after drowning in 35,000 junk HTTP requests per second. When Sucuri attempted to thwart the network tsunami, the botnet stepped up its output and dumped more than 50,000 HTTP requests per second on the store's website.
When the security biz dug into the source of the duff packets, it found they were all coming from internet-connected CCTV cameras – devices that had been remotely hijacked by miscreants to attack other systems.
"It is not new that attackers have been using IoT devices to start their DDoS campaigns, however, we have not analyzed one that leveraged only CCTV devices and was still able to generate this quantity of requests for so long," said Daniel Cid, CTO of Sucuri.
"As we extracted the geo-location from the IP addresses generating the DDoS, we noticed that they were coming from all over the world, different countries and networks. A total of 25,513 unique IP addresses came within a couple of hours."
Around a quarter of the remote-controlled malware-infected cameras were located in Taiwan, with another 12 per cent in the US and just under 10 per cent in Indonesia. In all, infected systems were found in 105 countries and all were used in the attacks. While CCTV botnets aren't new, this is believed to be the largest yet found.
Exactly how the cameras were infected isn't yet known, although an early analysis points the finger of blame at a security hole in DVR boxes used by many CCTV cameras. The remote-code execution vulnerability was discovered in March; sadly, CCTVs aren't high on the patching priority list of most admins.
There's not a lot victims can do to avoid this botnet other than buying more internet-facing bandwidth or putting their servers behind large anti-DDoS services. The only way to truly stop the assaults is to get the camera operators to patch their own systems.
With the Internet of Things growing, this problem is only going to get worse. ®