Researchers at Incapsula have discovered a botnet that runs on compromised CCTV cameras. There are hundreds of millions, if not billions, of these in the field, and like many Internet of Things devices, their security is an afterthought and not fit for purpose.
The botnet that Incapsula discovered was being used to direct HTTP flood attacks at 20,000 requests per second, originating from 900 CCTVs all over Earth. The researchers have identified another botnet running on network attached storage devices.
While the botnets running on these devices don't harm their owners very much (apart from using up some of their bandwidth), the fact that cameras aimed at potentially sensitive locations and drives holding sensitive data are being compromised at scale by Internet-based attackers suggests some ways in which the owners of these devices could also be victimized by their lack of security.
All compromised devices were running embedded Linux with BusyBox—a package of striped-down common Unix utilities bundled into a small executable, designed for systems with limited resources.
The malware we found inside them was an ELF binary for ARM named (.btce) a variant of the ELF_BASHLITE (a.k.a. Lightaidra and GayFgt) malware that scans for network devices running on BusyBox, looking for open Telnet/SSH services that are susceptible to brute force dictionary attacks.
CCTV Botnet In Our Own Back Yard [Ofer Gayer, Or Wilder, Igal Zeifman/Incapsula]
A hacker calling themself Light Leafon who claims to be a 14-year-old is responsible for a new IoT worm called Silex that targets any Unix-like system by attempting a login with default credentials; upon gaining access, the malware enumerates all mounted disks and writes to them from /dev/random until they are filled, then it deletes […]
The security firm Cybereason says that it has identified a likely state-sponsored attack on ten global mobile phone networks that they have attributed to "the Chinese-affiliated threat actor APT10," which has been "underway for years."
One of the griftiest corners of late-stage capitalism is the "public safety" industry, in which military contractors realize they can expand their market by peddling overpriced garbage to schools, cities, public transit systems, hospitals, etc -- which is how the "aggression detection" industry emerged, selling microphones whose "machine learning" backends are supposed to be able […]
When it comes to large computer systems, not one of them is fully secure. Even with constant updates to the platforms that keep vital networks humming, there’s always a back door. And companies are willing to pay handsomely to effective bouncers that can keep an eye on them. Call them ethical hackers or white hat […]
So you’ve visited the Kennedy Space Center every year. You’ve watched “The Right Stuff” for the 95th time. There must be something to do while you’re waiting to join Space Force for the next manned mission to Mars or the moon. Here’s a combo that should raise a salute from any fan of space or […]
Looking for a new tablet? If you haven’t upgraded in a while, it might be time to check out the latest iPad Pro for two very good reasons. First, the 2018 model is a real workhorse. The 12X Bionic chip processor means it can handle any task you set out for it, and still have […]