Today, most of the insecure embedded devices connected to the Internet like CCTV cameras, routers and often called as Internet of Things (IoT) are being targeted or hacked in any cyber attacks.
Imperiva Incapsula, a security firm, has revealed about a DDoS (distributed denial of service) attack. The attack was a traditional HTTP flood aimed at overloading a resource on a cloud service, but the malicious requests came from surveillance cameras or closed-circuit television (CCTV) cameras protecting businesses around the world instead of a typical computer botnet.
The researchers from the security firm posted in its blog informing about the attack which peaked at 20,000 requests per second and originated from around 900 CCTV cameras running embedded versions of Linux and the BusyBox toolkit.
All compromised devices were running embedded Linux with BusyBox—a package of striped-down common Unix utilities bundled into a small executable, designed for systems with limited resources.
“Further investigation of the offending IPs showed that they belonged to CCTV cameras, all accessible via their default login credentials. And that’s not all. Looking through the camera lens we also spotted a familiar sight—a storefront in a mall located not five minutes away from our offices,” they said in the blog post.
The researchers said that they were able to meet with the store owners, showed them how their CCTV cameras were abused to attack our clients and help them clean the malware from the infected camera’s hard drive.
They claim in the blog post that among the 245 million professionally installed surveillance cameras operating around the world. However, there are more than million that were installed by unqualified professionals, with even fewer security precautions.
“Even as we write this article, we are mitigating another IoT DDoS attack, this time from an NAS-based botnet. And yes, you guessed it, those were also compromised by brute-force dictionary attacks,” they added.
So, whether it is a router, a Wi-Fi access point or a CCTV camera, default factory credentials are there only to be changed upon installation.