Huge botnet leveraged thousands of Internet-connected CCTV cameras for DDoS attack

Some infosec pros dismiss worries about the Internet of Things if many devices don’t store or transmit personal information. But there are other ways attackers can leverage devices connected to the Internet — as sources for distributed denial of service (DDoS) attacks.

Security vendor Sucuri Inc. described the latest such use on Monday: an attack that leveraged thousands of Web-connected CCTV cameras with over 25,000 unique IP addresses in 105 countries. The company described it as a variation of the HTTP flood and cache bypass attack. Of the IP addresses, 24 per cent were in Taiwan and 12 per cent in the U.S.

Combined, the botnet generated 50,000 HTTP requests per second over several days. Sucuri came across the attack through one of the victims, a small jewelry store.

The majority of the cameras (48 per cent) had the default H.264 DVR logos, says Sucuri, but the others had modified branding to match the company that built or sold them. All these devices are based on BusyBox, a Linux OS for embedded devices.

Sucuri speculates the cameras were attacked using a remote code execution vulnerability first discovered in late 2014 that affected 70 camera makers. In the fall of that year Incapsula reported that a botnet of some 900 CCTV cameras from around the world had been discovered targeting what was described as a “rarely-used asset of a large cloud service, catering to millions of users worldwide.” Again, all devices were running BusyBox.

Sucuri researchers said the attackers used random search referrers from sites including Google, USA Today and Engadget, along with random user-agent combinations, in an effort to emulate normal browser behavior.
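The header rotation described above can be looked for in a web server's own access log. The following is an added example, not code from Sucuri or from the original article: it flags client IPs in a combined-format log whose requests mix many User-Agent strings and referrer hosts. The function names, thresholds and log lines are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Combined Log Format: ip - - [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ '
                     r'"(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$')

def rotating_clients(lines, min_requests=4, min_uas=3, min_ref_hosts=3):
    """Return sorted IPs whose requests mix many User-Agents and referrer hosts.

    A browser keeps one User-Agent from request to request; a bot choosing a
    random one each time does not. The thresholds are assumed starting points.
    """
    stats = defaultdict(lambda: {"n": 0, "uas": set(), "hosts": set()})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than guess at fields
        rec = stats[m["ip"]]
        rec["n"] += 1
        rec["uas"].add(m["ua"])
        host = urlsplit(m["ref"]).hostname  # None for "-" or an empty referrer
        if host:
            rec["hosts"].add(host)
    return sorted(ip for ip, r in stats.items()
                  if r["n"] >= min_requests and len(r["uas"]) >= min_uas
                  and len(r["hosts"]) >= min_ref_hosts)

def _line(ip, ref, ua):
    # Builds one constructed log line; timestamp, path and size are arbitrary.
    return (f'{ip} - - [01/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" '
            f'200 512 "{ref}" "{ua}"')

FIREFOX = "Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0"
# Constructed sample: 203.0.113.10 rotates headers, 198.51.100.7 acts like a browser.
SAMPLE_LOG = [
    _line("203.0.113.10", "https://www.google.com/search?q=rings", "Mozilla/5.0 (Windows NT 6.1) Chrome/50.0"),
    _line("203.0.113.10", "http://www.usatoday.com/", "Mozilla/5.0 (Macintosh) Safari/601.1"),
    _line("203.0.113.10", "https://www.engadget.com/", "Mozilla/5.0 (iPhone) Mobile Safari/601.1"),
    _line("203.0.113.10", "https://www.google.com/search?q=gold", "Opera/9.80 (Windows NT 6.1) Presto/2.12"),
    _line("198.51.100.7", "-", FIREFOX),
    _line("198.51.100.7", "https://shop.example/", FIREFOX),
    _line("198.51.100.7", "https://shop.example/rings", FIREFOX),
    _line("198.51.100.7", "https://shop.example/cart", FIREFOX),
]

if __name__ == "__main__":
    print(rotating_clients(SAMPLE_LOG))
```

Addresses behind a shared NAT or proxy can also show several User-Agents, so a hit is a lead for rate limiting or closer inspection rather than proof of a bot.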

Sucuri CTO and founder Daniel Cid urges online camera users and vendors to make sure their devices are fully patched and isolated from the Internet. “Actually,” he adds, “not just your online camera, but any device that has Internet access (from DNS resolvers, to NTP servers, and so on).”

In its blog, Incapsula reminded infosec pros of the importance of changing the default passwords of Internet-connected devices.

Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]
