Attacks on IoT devices are nothing new. Time after time, we hear of hackers breaching different IoT safety protocols. Now they are targeting one of the most critical kinds of IoT device: IP cameras.
Trend Micro experts have detected a new IoT botnet, known as Persirai, which is targeting more than 1000 IP camera models.
More than 120,000 IP cameras are vulnerable to the Persirai malware. As all IP cameras are connected to the internet, there is a very high possibility of hackers gaining access to these devices via TCP port 81. In most cases, consumers are unaware of such threats, leaving them exposed to a new wave of attacks that can have a severe impact on their business.
Like other connected devices, IP cameras are designed for user convenience, with cyber security an afterthought. When connected to the primary server, these IP cameras open a port in the router, making them highly vulnerable to cyber attacks. Hackers can access the camera through that port and inject malware, or connect it to a website from which malicious scripts are downloaded.
Once the malware breaks the security protocols of the device, it deletes itself and runs only in the device's memory. Persirai also blocks other hackers from entering the system, keeping the infected device to itself. The camera then becomes a weapon for launching different cyber attacks, including DDoS, against targeted networks. The previous DDoS attack was carried out by Mirai botnets, bringing a large number of websites, including Amazon and EBIT, to a standstill.
While researchers are still unable to identify the team of hackers behind this new IoT threat, it is clear that the malware was launched from Iran and that its developers have used sophisticated Persian codes to design the Persirai botnet.
For prevention, users have to change the default password in the device interface. Strong passwords are recommended because there are times when hackers can detect your hand motion to configure the password. Users must also disable UPnP on the router to prevent it from opening ports without any warning.
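One way to check whether UPnP has already opened a camera's port on the router, as an added example that is not part of the original article: it parses a port-mapping listing, assumed to be in the layout printed by miniupnpc's `upnpc -l`, and flags TCP mappings that involve port 81. The sample listing, addresses and function names are constructed for illustration.

```python
import re
from typing import NamedTuple

# Row layout assumed to match miniupnpc's `upnpc -l` listing:
#   index protocol exPort->inAddr:inPort 'description' 'remoteHost' leaseTime
ROW = re.compile(
    r"^\s*(?P<idx>\d+)\s+(?P<proto>TCP|UDP)\s+(?P<ext>\d+)->"
    r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}):(?P<int>\d+)\s+'(?P<desc>[^']*)'"
)

class Mapping(NamedTuple):
    proto: str
    ext_port: int
    host: str
    int_port: int
    desc: str

# Constructed sample listing (not captured from a real router).
SAMPLE = """\
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
 0 TCP    81->192.168.1.23:81    'IPCAM' '' 0
 1 UDP 51413->192.168.1.10:51413 'Torrent client' '' 0
 2 TCP  8081->192.168.1.24:81    'IPCAM' '' 0
"""

def parse_mappings(listing):
    """Turn the text listing into Mapping records, skipping header and junk lines."""
    found = []
    for line in listing.splitlines():
        m = ROW.match(line)
        if m:
            found.append(Mapping(m["proto"], int(m["ext"]), m["host"],
                                 int(m["int"]), m["desc"]))
    return found

def camera_exposures(mappings, watched_port=81):
    """Return TCP mappings whose external or internal port is the watched port.

    Checking the internal port as well is an assumption of this example: a
    camera listening on 81 may be forwarded from a different external port.
    """
    return [m for m in mappings
            if m.proto == "TCP" and watched_port in (m.ext_port, m.int_port)]

if __name__ == "__main__":
    for m in camera_exposures(parse_mappings(SAMPLE)):
        print(f"exposed: internet:{m.ext_port} -> {m.host}:{m.int_port} ({m.desc})")
```

Any mapping it reports should disappear once UPnP is disabled on the router and the forward is removed.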