SafeUM

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
10 May 2017

Persirai: New Internet of Things botnet targets IP cameras

Security researchers have discovered a new Internet of Things (IoT) botnet dubbed Persirai targeting more than 1,000 different Internet Protocol (IP) camera models.

According to Trend Micro, around 120,000 IP cameras are vulnerable to the malware, and many owners are unaware that their devices are exposed to the internet.

The researchers said this makes it easier for the attackers behind the new malware to infiltrate the IP camera's web interface via TCP Port 81. "IP cameras typically use Universal Plug and Play (UPnP), which are network protocols that allow devices to open a port on the router and act like a server, making them highly visible targets for IoT malware," the researchers wrote in a blog post on Tuesday.

Once logged into the vulnerable device's interface, the attacker can perform a command injection that forces the IP camera to connect to a download site, which then issues commands that download and execute malicious shell scripts.

After the samples are downloaded and executed, the malware deletes itself and runs only in memory, the researchers said. It also blocks the zero-day exploit to prevent other bad actors from targeting the infected IP camera.

The camera will then report to remote C&C servers, receive commands and automatically start attacking other IP cameras as well by exploiting a recently disclosed zero-day vulnerability. "Attackers exploiting this vulnerability will be able to get the password file from the user, providing them the means to do command injections regardless of password strength," the researchers said. "The IP camera will then receive a command from the C&C server, instructing it to perform a DDoS attack on other computers via User Datagram Protocol (UDP) floods."

The researchers said the C&C servers were found to be using the .IR address code. "This specific country code is managed by an Iranian research institute which restricts it to Iranians only," Trend Micro said. "We also found some special Persian characters which the malware author used."

The latest research comes after the infamous open-source backdoor malware Mirai enslaved millions of insecure IoT devices to launch large-scale DDoS attacks in 2016. The researchers pointed out that Mirai's "open-source nature gave it the potential to act as the core template upon which future IoT-centric malware will be built upon".

"As the Internet of Things gains traction with ordinary users, cybercriminals may choose to move away from Network Time Protocol (NTP) and Domain Name System (DNS) servers for DDoS attacks, instead concentrating on vulnerable devices — an issue compounded by users that practise lax security measures," the researchers warned. "A large number of these attacks were caused by the use of the default password in the device interface."

Trend Micro advises users to change their default passwords to stronger ones as soon as possible. To address the password-stealing vulnerability in IP cameras, users should disable UPnP on their routers to "prevent devices within the network from opening ports to the external internet without any warning".
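
To check for the exposure the UPnP advice above guards against, the following added example (not from the article, Trend Micro or SafeUM) parses port-mapping entries in the form a router's UPnP IGD service returns them and flags enabled TCP mappings that publish the camera web port 81. The SOAP bodies, addresses and descriptions are constructed sample data; the field names are assumed to follow the UPnP WANIPConnection `GetGenericPortMappingEntry` response.

```python
import xml.etree.ElementTree as ET

# Constructed sample data (not from the article): each entry is one
# GetGenericPortMappingEntryResponse body as a UPnP IGD router would return it.
_TEMPLATE = (
    '<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body>'
    '<u:GetGenericPortMappingEntryResponse xmlns:u="urn:schemas-upnp-org:service:WANIPConnection:1">'
    "<NewRemoteHost>{rh}</NewRemoteHost><NewExternalPort>{ext}</NewExternalPort>"
    "<NewProtocol>{proto}</NewProtocol><NewInternalPort>{int_}</NewInternalPort>"
    "<NewInternalClient>{host}</NewInternalClient><NewEnabled>{en}</NewEnabled>"
    "<NewPortMappingDescription>{desc}</NewPortMappingDescription>"
    "<NewLeaseDuration>0</NewLeaseDuration></u:GetGenericPortMappingEntryResponse></s:Body></s:Envelope>"
)
SAMPLE_RESPONSES = [
    _TEMPLATE.format(rh="", ext=81, proto="TCP", int_=81, host="192.168.1.50", en=1, desc="ipcam"),
    _TEMPLATE.format(rh="", ext=51413, proto="UDP", int_=51413, host="192.168.1.20", en=1, desc="p2p"),
    _TEMPLATE.format(rh="", ext=8081, proto="TCP", int_=81, host="192.168.1.51", en=1, desc="cam2"),
    _TEMPLATE.format(rh="", ext=81, proto="TCP", int_=81, host="192.168.1.52", en=0, desc="old"),
]

CAMERA_WEB_PORT = 81  # TCP port of the camera web interface named in the article


def parse_mapping(soap_xml):
    """Extract the New* fields of one port-mapping response into a dict."""
    root = ET.fromstring(soap_xml)
    fields = {}
    for el in root.iter():
        tag = el.tag.rsplit("}", 1)[-1]  # drop any XML namespace prefix
        if tag.startswith("New"):
            fields[tag[3:]] = (el.text or "").strip()
    return fields


def exposed_camera_mappings(responses, port=CAMERA_WEB_PORT):
    """Return enabled TCP mappings whose external or internal port is `port`."""
    findings = []
    for xml_text in responses:
        m = parse_mapping(xml_text)
        if m["Enabled"] != "1" or m["Protocol"].upper() != "TCP":
            continue  # disabled or non-TCP mappings do not expose the web UI
        if port in (int(m["InternalPort"]), int(m["ExternalPort"])):
            findings.append((int(m["ExternalPort"]), m["InternalClient"], int(m["InternalPort"])))
    return findings


if __name__ == "__main__":
    for ext, host, internal in exposed_camera_mappings(SAMPLE_RESPONSES):
        print(f"WAN tcp/{ext} -> {host}:{internal} (opened via UPnP; review or remove)")
```

Any mapping it reports is a device that has published its web interface to the internet through the router; disabling UPnP on the router, as advised above, stops such mappings from being created.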

"The burden of IoT security does not rest on the user alone," the researchers said. "It's also dependent on the vendors themselves, as they should be the ones responsible for making sure that their devices are secure and always updated. In line with this, users should make sure that their devices are always updated with the latest firmware to minimise the chance of vulnerability exploits."


Tags: information leaks, Internet of Things, trends

Source: IBTimes