When security firm Sucuri investigated the source of a 50,000-request/second DDoS attack on a jewelry shop, they discovered to their surprise that the attacks originated on a botnet made of hacked 25,500+ CCTV cameras in 105 countries.
These Internet of Things cameras were typical of IoT devices in that they ran with next to no security and inadequate patching systems. What's more, since they were always on and designed to transmit data over the public internet, they were especially powerful members of the botnet.
Sucuri researchers queried a sampling of the boxes and found that all of them showed they were running what was called the "Cross Web Server" that had a default Web page titled "DVR Components." The researchers later found the malicious IPs contained the company logos of resellers of CCTV services and that all the devices were running BusyBox, a collection of Unix-based utility tools that run on embedded devices. To make it harder to block the attack, the malicious devices had been programmed to emulate normal browser behavior by displaying a variety of common user agents, such as those associated with the Chrome, Internet Explorer, and Safari browsers. The hacked devices also displayed "referrers" falsely showing they had most recently visited sites including Engadget, Google, and USA Today.
Large botnet of CCTV devices knock the snot out of jewelry website
[Dan Goodin/Ars Technica]
(Image: Different Types of Cctv Cameras, Tamasflex, CC-BY-SA)
Battling Against Demeaning & Abusive Selfie Sharing (AKA the Badass Army) is an activist group founded by revenge porn survivor Katelyn Bowden to offer self-defense training against the tactics of traffickers in "involuntary pornography," particularly the loathsome denizens of Anon-IB.
Israeli security research firm CTS-Labs has published a white paper detailing nine flaws in AMD processors that they claim leave users open to devastating attacks with no mitigation strategies; these attacks include a range of manufacturer-installed backdoors.
Machine learning models use statistical analysis of historical data to predict future events: whether you are a good candidate for a loan, whether you will violate parole, or whether the thing in the road ahead is a stop sign or a moose.
The Nintendo Switch is king when it comes to gaming on the go, but it’s tough to lose yourself in Zelda: Breath of the Wild or Skyrim if your battery dies out. That’s where this Nintendo Switch Battery Charger Case comes into play. Built exclusively for Nintendo Switch, this pack allows for uninterrupted charging while you play, […]
Creative designers play a pivotal role in engaging target audiences and customers, and while companies are eager to bring more of these professionals on board, you’ll have a hard time getting your foot in the door if you’re not using the industry’s best tools. From Adobe to Maya, the eduCBA Design & Multimedia Lifetime Subscription Bundle […]
As more companies aim to reel in costs and boost productivity, project managers are becoming an essential part of many operations, and they’re paid handsomely for their expertise. But, while demand is high, you’ll have a hard time getting your foot in the door if you’re not toting the right certifications. The Official Lean Six Sigma […]