The Internet of Things (IoT) is growing at an incredibly fast pace, and as expected, so are the security threats against its devices. But we’re now seeing hackers exploiting security weaknesses in these devices to conduct massive coordinated attacks against popular websites as well.
From Smart TVs executing massive spam campaigns to printers and set-top boxes launching sophisticated DDoS attacks, no device is safe.
Recently, cyber attackers have been hacking into network CCTV cameras and forming massive botnets that can blow even large sites out of the water with Distributed Denial of Service (DDoS) attacks.
For example, researchers at security firm Sucuri recently found a sophisticated botnet of more than 25,000 CCTV cameras being used to launch attacks on businesses globally. The information was published on the Sucuri website, which revealed the existence of the large botnet consisting primarily of surveillance and closed-circuit television cameras.
The botnet was discovered during an attack on a small jewelry store that was being monitored by Sucuri. The denial of service attack was carried out at the application layer (layer 7), simply using the HTTP protocol, and generated over 35,000 requests per second (taking the origin server down).
The site was taken offline, and shortly after coming back online, a second attack of greater intensity began. According to the report, in the second stage, there was a peak of 50,000 HTTP requests per second. The attack was maintained for several days.
This is not an isolated incident either. Investigators have recorded over 26,000 unique IP addresses belonging to surveillance cameras around the world. As you can see in the chart below, 24% of registered IPs belong to devices located in Taiwan, with the United States in second at 12%.
According to Sucuri’s report, most HTTP requests to the equipment sent back a page which contained the text “DVD Components Download.”
Daniel Cid, founder of Sucuri, stated on the company blog that surveillance cameras are a prime target for hackers because they often have little to no protection against online security threats and owners are often slow to install software updates or update their passwords. Buyers of such equipment typically install it hastily without any security system in place, often using the default (and publicly available) password.
This is not the first time we’ve covered CCTV camera networks launching sophisticated DDoS attacks. Late last year, Incapsula warned of a major DDoS botnet of CCTV cameras running an embedded version of Linux and the BusyBox toolkit.
It is becoming painfully clear that as IoT continues to grow in the coming years, it will become an increasingly large security threat to all internet users.