Express Computer
Home  »  IoT  »  Trend Micro researchers discover new IoT botnet that targets IP cameras

Trend Micro researchers discover new IoT botnet that targets IP cameras

0 427

A new Internet of Things (IoT) botnet called Persirai has been detected by Trend Micro researchers. The botnet has been discovered targeting over 1,000 Internet Protocol (IP) Camera models based on various Original Equipment Manufacturer (OEM) products. Trend Micro said that this development comes on the heels of Mirai—an open-source backdoor malware that caused some of the most notable incidents of 2016 via Distributed Denial-of-Service (DDoS) attacks that compromised IoT devices such as Digital Video Recorders (DVRs) and CCTV cameras—as well as the Hajime botnet.

The botnet makes it easy for the perpetrators behind the malware to gain access to the IP Camera web interface via TCP Port 81. IP Cameras typically use Universal Plug and Play (UPnP), which are network protocols that allow devices to open a port on the router and act like a server, making them highly visible targets for IoT malware. After logging into the vulnerable interface, the attacker can perform a command injection to force the IP Camera to connect to a download site. After the samples are downloaded and executed, the malware deletes itself and will only run in memory.

After receiving commands from the server, the IP Camera will then start automatically attacking other IP Cameras by exploiting a zero-day vulnerability that was made public a few months ago. Attackers exploiting this vulnerability will be able to get the password file from the user, providing them the means to do command injections regardless of password strength.

The IP Camera will then receive a command from the C&C server, instructing it to perform a DDoS attack on other computers. In the blog post citing this attack, Trend Micro notes, “As the Internet of Things gains traction with ordinary users, cybercriminals may choose to move away from Network Time Protocol (NTP) and Domain Name System (DNS) servers for DDoS attacks, instead concentrating on vulnerable devices—an issue compounded by users that practice lax security measures.”

As a large number of these attacks were caused by the use of the default password in the device interface, Trend Micro says that users should change their default password as soon as possible and use a strong password for their devices. IP Camera owners should also implement other steps to ensure that their devices are protected from external attacks. In addition to using a strong password, users should also disable UPnP on their routers to prevent devices within the network from opening ports to the external Internet without any warning.

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image