Insecure security cameras, DVRs behind huge DDoS botnet

Content delivery network Akamai has been under the microscope lately for seemingly abandoning security writer Brian Krebs, whose site suffered a huge distributed denial of service attack last month.

The site had been getting free DDoS mitigation protection from Akamai and its sister company, Prolexic, but after taking a pounding of over 620 Gbps from two botnets of Internet of Things devices, Akamai let Krebs know he had two hours to shift off its network. Generously, Krebs doesn’t fault the provider, given that the mitigation was starting to cause trouble for paying customers.

This week Akamai published a small defence of its action, but more importantly described one of the botnets, known either as Kaiten or Mirai, which offers lessons not only for CISOs but also for companies that make anything that connects to the Internet. “The majority of these devices were identified as security cameras and DVRs and were used in ‘Small Office/Home Office’ setups,” says Akamai. “We’ve confirmed that many of these devices use either easily guessable (admin, password, 1234) usernames and passwords or the default passwords originally configured on the devices. Additionally, the attack included a substantial amount of traffic connecting directly from the botnet to the target, rather than reflected and/or amplified traffic, as seen in recent large attacks using NTP and DNS vulnerabilities.”

These botnets get assembled by attackers with automated scanners that roam the Internet looking for insecure devices.

An earlier report on Mirai found that roughly 100,000 total login attempts were made from more than 1,800 IP addresses around the world, mainly in China (64 per cent), Colombia (13 per cent) and South Korea and Vietnam (six per cent). The most attacked protocols were SSH (57 per cent) and Telnet (42 per cent). The top usernames were root (75 per cent), admin (10 per cent), shell and sh (six per cent each).

But the huge attacks last month showed a different spread of sources, with upwards of one-third of the traffic coming from North America and roughly half from Europe, the Middle East and Asia.

The most common login attempts were for Internet-connected surveillance cameras and associated DVR units.

DDoS attacks used to be thought of as largely a nuisance. But Krebs points out they can be used to run someone off the Internet and therefore be a tool for censorship. In the hands of a malicious person or group, these attacks can also put a company out of business.

So again the call goes out for manufacturers of ANY device that connects to the Internet to find ways to ensure users can’t use default or simple passwords on devices. The problem of re-using passwords on multiple sites is a matter of persistent user education.

More bad news: The source code for the Mirai botnet has been published, which, as Krebs notes, guarantees that more attacks from insecure devices are coming.


Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
