Botnet of 25,000 Cameras Located in 105 Countries Launches Massive DDoS Attacks

Rafia Shaikh
Posted Jun 29, 2016

A distributed denial-of-service botnet made up of over 25,000 internet-connected CCTV devices has been discovered, sustaining its attack for several days.

CCTV botnet used to launch DDoS attack

We are seeing Internet of Things (IoT) devices launching left and right. But security researchers have long warned that this relatively new and increasingly invasive technology comes with its own share of security issues. Because these devices lack security features and a proper process for releasing security updates, it is difficult to call them secure. From smart refrigerators to cameras and home assistants, the technology is being adopted in every corner of our homes, but is it secure enough?

These devices are routinely hacked by criminals, and in one such incident, we are looking at a massive DDoS botnet made up of 25,513 Internet-connected closed-circuit TV (CCTV) devices. Researchers at security firm Sucuri came across this botnet when they were trying to defend a small jewelry shop. “It all started with a small brick and mortar jewelry shop that signed up with us to help protect their site from a DDoS that had taken them down for days,” Sucuri says. While defending the site against the distributed denial-of-service attack, the firm soon realized that this was a massive assault that delivered almost 35,000 HTTP requests per second.

The attack intensified further when Sucuri tried to neutralize it, with the number of requests rising to 50,000 per second. Curious about the attack, Sucuri later learned that the individual devices involved in this DDoS botnet were CCTV cameras connected from more than 25,000 different IP addresses, located in over 105 countries around the world!

“It is not new that attackers have been using IoT devices to start their DDoS campaigns, however, we have not analyzed one that leveraged only CCTV devices and was still able to generate this quantity of requests for so long.” – Sucuri CTO Daniel Cid

The botnet launched a massive layer 7 attack, and researchers are still wondering how the attackers managed to enslave such a large number of devices. Sucuri speculates that they might have been hacked by exploiting a recently disclosed RCE (remote code execution) vulnerability in CCTV-DVR. Whatever vulnerability was exploited, it gave criminals control over 25,000 geographically dispersed devices, a botnet that is hard to take down.

We have seen mass attacks that have used Internet of Things devices in the past. Hijacking CCTV cameras is also not a first. But the latest incident reminds us again of the inherent lack of security that accompanies most of the currently available IoT devices, making them the perfect weapons for criminal activities, which could go far beyond DDoS attacks.
