New Botnet Threatens IP Cameras

The botnet's discovery follows the largest Distributed Denial of Service attack in history involving IoT devices.
Published: May 15, 2017

The following article originally ran in Campus Safety’s sister publication Security Sales & Integration.

Trend Micro just revealed it has discovered a new botnet called Persirai that is targeting over 1,000 IP camera models.

All 122,069 vulnerable IP cameras can be discovered via the IoT search engine Shodan.

This latest botnet comes after malware known as Mirai enslaved IoT devices last fall in what was the world’s largest ever Distributed Denial of Service (DDoS) attack.

——Article Continues Below——

Get the latest industry news and research delivered directly to your inbox.

The Persirai botnet works by accessing vulnerable IP cameras by the open port on the user’s router and acting like a server, then performing a command injection to force the camera to connect to a download site which will execute a malicious script shell and install malware onto the camera, roping it into the botnet, according to ZDNet.

This allows the cameras to carry out DDoS attacks against target networks, overloading them and causing massive Internet outages such as the ones that occurred last year.

Persirai’s developers have also reportedly taken the step of blocking the exploit they use in order to prevent other attackers from targeting the camera and keep the infected device to themselves.

This is all possible because of manufacturers releasing IoT devices with default login credentials. This allows for anyone with a list of generic admin names and passwords to look up your IP camera and exploit it.

Keep yourself safe and make sure your internet-connected devices have strong passwords. Trend Micro says users should also disable Universal Plug and Play (UPnP) on their routers to prevent devices within the network from opening ports to the external Internet without any warning.

Below is a diagram by Trend Micro illustrating how the Persirai botnet works.


Posted in: News

Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series
Strategy & Planning Series