New Botnet Threatens IP Cameras

The botnet’s discovery follows the largest Distributed Denial of Service attack in history involving IoT devices.

The following article originally ran in Campus Safety’s sister publication Security Sales & Integration.

Trend Micro just revealed it has discovered a new botnet called Persirai that is targeting over 1,000 IP camera models.

All 122,069 vulnerable IP cameras can be discovered via the IoT search engine Shodan.

This latest botnet comes after malware known as Mirai enslaved IoT devices last fall in what was the world’s largest ever Distributed Denial of Service (DDoS) attack.

The Persirai botnet works by accessing vulnerable IP cameras by the open port on the user’s router and acting like a server, then performing a command injection to force the camera to connect to a download site which will execute a malicious script shell and install malware onto the camera, roping it into the botnet, according to ZDNet.

This allows the cameras to carry out DDoS attacks against target networks, overloading them and causing massive Internet outages such as the ones that occurred last year.

Persirai’s developers have also reportedly taken the step of blocking the exploit they use in order to prevent other attackers from targeting the camera and keep the infected device to themselves.

This is all possible because of manufacturers releasing IoT devices with default login credentials. This allows for anyone with a list of generic admin names and passwords to look up your IP camera and exploit it.

Keep yourself safe and make sure your internet-connected devices have strong passwords. Trend Micro says users should also disable Universal Plug and Play (UPnP) on their routers to prevent devices within the network from opening ports to the external Internet without any warning.

Below is a diagram by Trend Micro illustrating how the Persirai botnet works.


Read More Articles Like This… With A FREE Subscription

Campus Safety magazine is another great resource for public safety, security and emergency management professionals. It covers all aspects of campus safety, including access control, video surveillance, mass notification and security staff practices. Whether you work in K-12, higher ed, a hospital or corporation, Campus Safety magazine is here to help you do your job better!

Get your free subscription today!

Get Our Newsletters
Campus Safety Online Summit Registration Promo Campus Safety HQ