Hacked DVRs Surge To 400,000

Author: Brian Karas, Published on Oct 19, 2016

The global internet is under attack from record breaking botnets. And it is getting worse, Mirai doubled in size in the last month.

Shamefully, the video surveillance industry is mostly to blame.

New Mirai Research

New research from Level 3 provides deeper insight into Mirai:

Prior to the Mirai source code release, we identified approximately 213,000 bots using this method.  Since the code release, multiple new Mirai botnets have accumulated an additional 280,000 bots, bringing the count of Mirai bots to 493,000.  The true number of actual bots may be higher based on an incomplete view of the infrastructure.

This would be bad enough, but the security industry, at the center of this growth, gets a black eye:

The majority of these bots are DVRs (>80percent)

And if you think these bots are outside of the US, in some country with unskilled installers leaving ports open you are wrong:

The highest fraction of devices used are located in the United States (29 percent) 

Level 3 Overview

Get Video Surveillance News In Your Inbox
Get Video Surveillance News In Your Inbox

Level 3 is a global network communications company, connecting the core of the internet, which also gives them an ability to observe and analyze internet traffic patterns. When botnets erupt, Level 3 inadvertently becomes becomes a pawn in their game, but they also get an ability to deconstruct how the botnet is propagating and being controlled.

The Problem Will Not Go Away On Its Own

Attackers have recognized that IoT devices, particularly DVRs, NVRs, security cameras, and related devices make ideal targets, in some cases the same device is exploited by multiple malware variants:

Of the hosts we are confident have been assimilated by the Mirai botnet, 24 percent of them overlap with bots known to be used in gafgyt attacks.  Such a high overlap indicates that multiple malware families are targeting the same pool of vulnerable IoT devices.

Gafgyt is an earlier botnet that Mirai is suspected to be based on.

As long as these devices remain insecure and exploitable, there is every reason to believe they will continue to be taken over by botnet malware, and that the complexity of the malware will evolve, possibly to scan local networks for other exploitable devices that do not have inbound ports open, but can communicate outbound as attackers.

Botnet Scanners Do Not Discriminate

The Mirai botnet relies heavily on Dahua and XiongMai, but a similar botnet could be built on exploitable Axis cameras, or ADI/Tri-Ed cameras that have not been upgraded

Test Your Network

An Nmap scan of your network can help identify open ports like telnet (port 23) or SSH (port 22) that typically are used by botnets for infection, and generally are not required for standard camera/recorder access. Our Nmap tutorial shows how to use Nmap and interpret the results.

Security Integrators Need To Take Action

Although security integrators may be able to justify ignoring Mirai, they are the best chance for stopping it from doubling in size yet again. Manufacturers are shipping exploitable products, and customers (especially those without dedicated IT departments) do not always understand the risks of connecting camera and recorders to the internet. This leaves the integrator stuck in the middle, as they often are, as the best resource to solve this problem and help save the reputation of the industry.



Comments (37): PRO Members only. Login. or Join.

Related Reports on Hacking

Hikvision HQ Contradicts Cybersecurity Director on Mar 07, 2018
Hikvision HQ has contradicted Hikvision USA's Director of Cybersecurity, Chuck Davis. Davis - Don't Put Cameras On The Internet Davis made a...
New Whole Foods Installs Hackable Access Control (Upgraded) on Feb 21, 2018
Whole Foods has built a reputation for high quality. And their 2017 Amazon acquisition has increased that, plus added deep pockets for buying...
Remote Network Access for Video Surveillance Guide on Feb 21, 2018
Remotely accessing surveillance systems is key in 2018, with more and more users relying on mobile apps as their main way of operating the system....
IP Cameras Default Passwords Directory on Feb 09, 2018
Below is a directory of 50+ manufacturer's default passwords. Note: Change Default Passwords Leaving default passwords is dangerous and makes it...
Simplisafe 'All New' Generation 3 Tested on Feb 08, 2018
Feared by the traditional alarm industry, Simplisafe has launched its 'all new' Generation 3 platform that they declare is "Stronger. Faster....
Geovision Unprecedented Security Vulnerabilities And Backdoor on Feb 06, 2018
Cybersecurity vulnerabilities have plagued the video surveillance market. Now, Bashis, discover of the Dahua backdoor, has discovered 15...
US Congressional Hearing Features Hikvision on Jan 31, 2018
A US Congressional hearing asked questions about Hikvision's government ownership and cybersecurity issues, following the WSJ's investigations into...
Chinese Government Backdoor Spies on African Union Revealed on Jan 29, 2018
For 5 years, a Chinese government backdoor was used to spy on the African Union, according to a Le Monde investigative report. As is their...
Worst NVR / VMS Manufacturers 2018 on Jan 29, 2018
These are the manufacturers who integrators reported the most significant problems with. 220+ integrators answered: In the past year, what...
Hacked Hikvision IP Camera Map USA And Europe on Jan 22, 2018
The interactive map below shows a sample of hacked and vulnerable Hikvision IP cameras across the USA and Europe. Hover over a marker to see an...

Most Recent Industry Reports

May 2018 Camera Course on Mar 16, 2018
Our next course starts on May 8th. Register now for the Spring 2018 Camera Course This is the only independent surveillance camera course, based...
ADT Hammered Again, Loses Another Billion In Market Cap on Mar 16, 2018
ADT's CEO told investors that, 'in baseball terms', ADT was batting 5 for 5. But investors told ADT's CEO, 'in baseball terms', that he was...
Camera Form Factor Guide on Mar 16, 2018
When selecting surveillance cameras, users may choose from a number of different form factors, each with its own unique strengths and weaknesses,...
Free Trip To China - CCTV.Net / Univew on Mar 15, 2018
Pack your bags? 'Closer than you think'? Well, a non-stop flight from NYC to Shanghai is 15 hours plus another 100 miles to Hangzhou...
Rack Mounting NVRs Tutorial on Mar 15, 2018
Rack mounting recorders is common in professional systems, but manufacturers are making it difficult, with simple design failures causing multiple...
Access Control - Restricted Keys Guide on Mar 15, 2018
Not all doors, even in larger facilities, can justify using electronic access control. And even for doors that do have electronic access control,...
Network Addressing for Video Surveillance Guide on Mar 14, 2018
The goal of this guide is to explain addressing devices on IP networks, focusing on how IP cameras and recorders are used in those networks. For...
Panasonic Selling Off Security Camera Factory on Mar 14, 2018
Panasonic is OEMing cameras from Dahua, as IPVM testing confirmed in 2017. Now, Panasonic is selling their security camera factory, according to...
Favorite Electrified Locks 2018 on Mar 14, 2018
Electronic lock manufacturing is dominated by 3 conglomerates (alphabetically) Allegion, Assa and Dormakaba holding numerous electronic lock...
Hikvision Chairman Joins China National Government (NPC) on Mar 13, 2018
Hikvision Chairman and Communist Party Secretary Chen Xongnian has joined the People's Republic of China's government - the National People's...

The world's leading video surveillance information source, IPVM provides the best reporting, testing and training for 10,000+ members globally. Dedicated to independent and objective information, we uniquely refuse any and all advertisements, sponsorship and consulting from manufacturers.

About | FAQ | Contact