Researchers have uncovered a new botnet that takes over Internet-connected cameras in order to launch denial-of-service attacks, following in the footsteps of the notorious Mirai botnet.
The new malware, called Persirai, appears to be controlled by Iranian nationals, since the addresses of its command servers use the controlled .ir domain and special Persian characters were used in its code, according to Trend Micro.
Persirai targets more than 1,000 models of IP cameras and Trend found more than 120,000 vulnerable devices listed on the Shodan Internet of Things (IoT) search engine.
“Many of these vulnerable users are unaware that their IP Cameras are exposed to the internet,” Trend said in an advisory. “This makes it significantly easier for the perpetrators behind the malware to gain access to the IP Camera web interface via TCP Port 81.”
Persirai attacks cameras using a security bug made public several months ago, and installs code that causes the device to automatically begin attacking other cameras using the same vulnerability.
While running the malware code blocks other attacks that make use of the same bug. Since it runs in memory only, the malware is disabled when the device is rebooted – but the device then also becomes vulnerable to attacks once again.
Infected cameras receive commands from the attacker’s servers that can direct distributed denial-of-service (DDoS) attacks against other systems, Trend said.
The company said the manufacturer of the device it tested said it had released a firmware update fixing the vulnerability used by Persirai, but Trend wasn’t able to find a more recent firmware version.
The security firm advised users to change the default passwords on their Internet-connected devices, if they haven’t already done so.
“Users should also disable UPnP on their routers to prevent devices within the network from opening ports to the external Internet without any warning,” Trend advised.
In March, researchers said a Mirai variant had been used to carry out a 54-hour-long attack on a US college, and in April IBM uncovered another variant that used devices’ processing power to mine Bitcoins.
Mirai uses open source code that has been released to the public, making it simpler for attackers to create their own customised versions.
Last month the developer of BrickerBot, which aims to render vulnerable gadgets inoperable so that they can’t be used by botnets, said the tool had disabled two million devices to date.
Do you know all about security in 2017? Try our quiz!
Investor appeasement? Apple unveils huge $110 billion share buyback program, as sales of iPhone decline…
Tesla retreats from pioneering gigacasting manufacturing process, amid cost cutting and challenges at EV giant
No skynet please. After the US, UK and France pledge human only control of nuclear…
Microsoft's AI investments continue in south east Asia, after investments in Japan, Malaysia, Indonesia, as…
New chapter for LastPass as it becomes an independent company to focus on cybersecurity, after…
US FCC seeks to ban Chinese telecom firms at centre of national security concerns from…