New research from Imperva has revealed that CCTV
November 2015 by Imperva
CCTV cameras are among the most common Internet-of-Things (IoT) devices
and Imperva first warned about CCTV botnets in March 2014. In this latest attack, Imperva was
particularly surprised to find it was originating from a shopping mall
five minutes from their offices. This leads Imperva to believe that
these attacks are happening more often than people are aware of and that
potentially millions more CCTV cameras in popular destinations have
already been compromised.
Imperva has produced a blog which details its findings,
however key findings can be found below:
The attack was run of the mill, peaking at 20,000 requests per second
(RPS). The surprise came later when, upon combing through the list of
attacking IPs, Imperva discovered that some of the originating devices
were located right in their own back yard. Looking through the camera
lens Imperva spotted a familiar sight—a storefront in a mall located not
five minutes away from their offices.
The assault consisted of HTTP GET floods that peaked at around 20,000
RPS, with its traffic originating from roughly 900 CCTV cameras spread
around the globe. Their target was a rarely-used asset of a large cloud
service, catering to millions of users worldwide.
In sharing this story, Imperva hopes to raise awareness about the
importance of basic security practices—as well as the threat posed by
unsecured connected devices. Whether it be a router, a Wi-Fi access
point or a CCTV camera, default factory credentials are only there to be
changed upon installation.