Vicious Malware Enlists Linux-Based Security Cameras For DDoS Botnet

It's hard to argue that "Internet of Things" (IoT) devices can enrich our lives. From making it easier to moderate temperature in our homes to securing them, IoT is going to be a big part of our future. Unfortunately, that does lead to one problem: as more and more devices get rolled out, the inevitability is that we're going to encounter more and more vulnerabilities.

Once such example is with security cameras, of which security firm Incapsula estimates there are 245 million operating around the world. This isn't the first time vulnerabilities have been discovered with such cameras. Back in 2013, TRENDnet came under fire from the FTC for selling security cameras that forgot to include the "secure" component.


The same firm warned about issues last March as it witnessed a 240% increase in botnet activity on its network. Fast-forward to today, and it's still seeing a lot of activity. The firm reports that one of its clients were recently targeted by repeated HTTP flood attacks, making use of security cameras to peak at 20,000 requests per second.

Incapsula considers this attack to be "run of the mill", and that all of the CCTVs were exploited due to the fact that their login credentials were left default. Humorously, the firm was able to access some of these guilty cameras, and happened to find that some were close to its offices.


The firm ended up reaching out to the owners of some of the CCTVs to tell them of the problem, but it's clear that a lot more needs to be done. IP camera makers should at the very least make sure that the user is aware that the default credentials should not be used, and perhaps a step could be added to the production that applies a unique password to each device which would be included on a leaflet with the product.

If you own an IP camera and haven't changed the default username and password, we'd recommend getting on remedying that!