Hacked DVRs Surge To 400,000

By: Brian Karas, Published on Oct 19, 2016

The global internet is under attack from record breaking botnets. And it is getting worse, Mirai doubled in size in the last month.

Shamefully, the video surveillance industry is mostly to blame.

New Mirai Research

New research from Level 3 provides deeper insight into Mirai:

Prior to the Mirai source code release, we identified approximately 213,000 bots using this method.  Since the code release, multiple new Mirai botnets have accumulated an additional 280,000 bots, bringing the count of Mirai bots to 493,000.  The true number of actual bots may be higher based on an incomplete view of the infrastructure.

This would be bad enough, but the security industry, at the center of this growth, gets a black eye:

The majority of these bots are DVRs (>80percent)

And if you think these bots are outside of the US, in some country with unskilled installers leaving ports open you are wrong:

The highest fraction of devices used are located in the United States (29 percent) 

Level 3 Overview

Get Notified of Video Surveillance Breaking News
Get Notified of Video Surveillance Breaking News

Level 3 is a global network communications company, connecting the core of the internet, which also gives them an ability to observe and analyze internet traffic patterns. When botnets erupt, Level 3 inadvertently becomes becomes a pawn in their game, but they also get an ability to deconstruct how the botnet is propagating and being controlled.

The Problem Will Not Go Away On Its Own

Attackers have recognized that IoT devices, particularly DVRs, NVRs, security cameras, and related devices make ideal targets, in some cases the same device is exploited by multiple malware variants:

Of the hosts we are confident have been assimilated by the Mirai botnet, 24 percent of them overlap with bots known to be used in gafgyt attacks.  Such a high overlap indicates that multiple malware families are targeting the same pool of vulnerable IoT devices.

Gafgyt is an earlier botnet that Mirai is suspected to be based on.

As long as these devices remain insecure and exploitable, there is every reason to believe they will continue to be taken over by botnet malware, and that the complexity of the malware will evolve, possibly to scan local networks for other exploitable devices that do not have inbound ports open, but can communicate outbound as attackers.

Botnet Scanners Do Not Discriminate

The Mirai botnet relies heavily on Dahua and XiongMai, but a similar botnet could be built on exploitable Axis cameras, or ADI/Tri-Ed cameras that have not been upgraded

Test Your Network

An Nmap scan of your network can help identify open ports like telnet (port 23) or SSH (port 22) that typically are used by botnets for infection, and generally are not required for standard camera/recorder access. Our Nmap tutorial shows how to use Nmap and interpret the results.

Security Integrators Need To Take Action

Although security integrators may be able to justify ignoring Mirai, they are the best chance for stopping it from doubling in size yet again. Manufacturers are shipping exploitable products, and customers (especially those without dedicated IT departments) do not always understand the risks of connecting camera and recorders to the internet. This leaves the integrator stuck in the middle, as they often are, as the best resource to solve this problem and help save the reputation of the industry.

 

Vote

Comments (36) : Members only. Login. or Join.

Related Reports

Video Surveillance History on May 06, 2020
The video surveillance market has changed significantly since 2000, going from VCRs to an emerging AI cloud era and now impacted by...
Camera Analytics Shootout 2020 - Avigilon, Axis, Bosch, Dahua, Hanwha, Hikvision, Uniview, Vivotek on Jan 22, 2020
Analytics are hot again, thanks to a slew of AI-powered cameras, but whose analytics really work? And how do these new smart cameras compare to top...
Uniview Deep Learning Camera Tested on Jul 14, 2020
Uniview's intrusion analytics have performed poorly in our shootouts. Now, they have released their Prime Series Deep Learning cameras, with an...
Favorite Video Analytic Manufacturers 2020 on Feb 25, 2020
Video analytics is now as hot as ever, driven by the excitement of advancing deep learning offers. But what are actually integrator's...
Cisco Video Surveillance Is Dead, Long Live Cisco Meraki Video Surveillance on Feb 11, 2020
A dozen years ago much of the industry thought that Cisco was destined to dominate video surveillance. They stumbled repeatedly, failing. Now it is...
Directory of 95 Video Surveillance Startups on May 20, 2020
This directory provides a list of video surveillance startups to help you see and research what companies are new or not yet broadly...
Bottom: Integrators Start To Stand Vs Coronavirus on Apr 20, 2020
Good news - IPVM integrator statistics show that while coronavirus has hit integrators hard, it is now bottoming out and starting to...
Camera Resolution Usage Statistics 2020 on Mar 12, 2020
The average resolution used, for new cameras, is now 4MP, according to new IPVM statistics, continuing the rise that we have mapped from 2014,...
Intersec 2020 Final Show Report on Jan 21, 2020
IPVM spent all 3 days at the Intersec 2020 show interviewing various companies and finding key trends. We cover: Middle East Enterprise...
Worst NVR / VMS Manufacturers 2020 on Feb 10, 2020
For the second time in a row, a global manufacturer has been selected by integrators. 200+ integrators answered: In the past year, what VMS /...

Most Recent Industry Reports

Camera Course Summer 2020 - Last Chance on Jul 15, 2020
Thursday, July 16th is your last chance to register for the Summer 2020 Camera Course. This is the only independent surveillance camera course,...
Bias In Facial Recognition Varies By Country, NIST Report Shows on Jul 15, 2020
While many argue that face recognition is inherently racist, results from one of the most extensive studies done on demographic bias in AI, the...
Video Surveillance 101 July Course - Last Chance on Jul 15, 2020
Friday, July 17th is your last chance to sign up for the July 2020 Video Surveillance 101 Course. This 2-day course is designed to help those new...
Brazil Assembly Powers Hikvision Local Expansion on Jul 15, 2020
Hikvision has grown considerably in Brazil ever since the 2017 opening of an assembly operation in a free-trade zone in the middle of the Brazilian...
50+ Security Industry Companies Take $40 Million PPP Funding on Jul 15, 2020
50+ security industry companies have taken more than $40 million in PPP funds, IPVM has confirmed from US government records. Inside this...
Uniview Deep Learning Camera Tested on Jul 14, 2020
Uniview's intrusion analytics have performed poorly in our shootouts. Now, they have released their Prime Series Deep Learning cameras, with an...
Drako's Companies (Brivo, Eagle Eye) Take $4+ Million in PPP Funds on Jul 14, 2020
While centimillionaire Dean Drako is the owner of two of the largest SaaS businesses in the security industry (Brivo and Eagle Eye), Drako's...
Defendry Presents AI Active Shooter Security System on Jul 14, 2020
Defendry presented its Active Shooter security system at the May 2020 IPVM Startups show. A 30-minute video from Defendry including IPVM...
Ban Rules Released: Use Dahua or Hikvision, No US Government Contracts on Jul 13, 2020
The US government has released the rules implementing the "Prohibition on Contracting with Entities Using" Dahua, Hikvision, and Huawei based...
JCI Sues Genetec For Patent Infringement on Jul 13, 2020
Surprisingly, security giant JCI has sued their partner, security software developer Genetec, for patent infringement. Inside this note,...