IoT Botnet — 25,000 CCTV Cameras Hacked to launch DDoS Attack
The Internet of Things (IoT), the population of Internet-connected devices, is growing at an exponential rate, and so are the threats to it.
Due to insecure implementations, these Internet-connected embedded devices, including Smart TVs, refrigerators, microwaves, set-top boxes, security cameras and printers, are routinely being hacked and used as weapons in cyber attacks.
We have seen how hackers turned more than 100,000 Smart TVs and refrigerators into a cyber weapon to send out millions of malicious spam emails for hacking campaigns; we have also seen how hackers abused printers and set-top boxes to mine Bitcoins.
And now…
Cyber crooks are hacking CCTV cameras to form a massive botnet that can blow large websites off the Internet by launching Distributed Denial-of-service (DDoS) attacks.
Researchers at security firm Sucuri came across a botnet of over 25,000 CCTV cameras targeting businesses around the globe while defending a small jewelry shop against a DDoS attack.
The jewelry shop's website was flooded with almost 35,000 HTTP requests per second, which made it unreachable to legitimate users.
However, when Sucuri attempted to prevent the network flood by using a network addressing and routing system called Anycast, the botnet increased the number of HTTP requests on the store's website to more than 50,000 per second.
The attack researchers were talking about was a massive Layer 7 DDoS attack that overwhelmed Web servers, occupying their resources and crashing websites.
The DDoS attack continued for days, making researchers curious about its origin. When they dug deeper, they discovered that the requests were coming from Internet-connected CCTV cameras that had been remotely hijacked by cyber criminals to attack other services.
"It is not new that attackers have been using IoT devices to start their DDoS campaigns. However, we have not analyzed one that leveraged only CCTV devices and was still able to generate this quantity of requests for so long," said Sucuri CTO Daniel Cid.
The IP addresses of the CCTV boxes causing the DDoS attack came from no fewer than 105 countries around the world. The Sucuri researchers noted a total of 25,513 unique IP addresses within a few hours. Some of these addresses were IPv6.
This is not the first incident in which hackers have hijacked CCTV cameras to launch DDoS attacks against services. Late last year, Imperva's Incapsula team warned about a massive DDoS botnet of CCTV cameras running embedded versions of Linux and the BusyBox toolkit.
Since the Internet of Things is rapidly growing and changing the way we use technology, it drastically expands the attack surface, and when viewed from the vantage point of information security, IoT can be frightening.