Large-Scale Cyber Attacks Targeting Web Cameras and DVRs
Background
A particular focus was on Hikvision and Xiongmai devices that have Telnet access. The criminals use the open-source tool Ingram to detect vulnerabilities in the web cameras and a second open-source tool, Medusa, to circumvent authentication.
Attack Vector
The attacks targeted webcams and DVRs with TCP ports 23, 26, 554, 2323, 567, 5523, 8080, 9530, and 56575 open for Internet access.
Campaign History
The campaign is the successor to two large-scale series of attacks:
- One that targeted a US Department of Defense server in 2023, as reported by Bleeping Computer, and
- Another that targeted more than a hundred companies from North America, Europe, and South America whose DrayTek Vigor VPN routers were infected with HiatusRAT to create a covert proxy network.
Conclusion
The recent large-scale cyber attacks targeting web cameras and DVRs highlight the importance of securing these devices. The use of open-source tools to detect vulnerabilities and circumvent authentication emphasizes the need for robust security measures. As the campaign continues to evolve, it is essential to stay vigilant and implement effective security protocols to protect against these types of attacks.
FAQs
Q: What are the most commonly targeted devices in these attacks?
A: The attacks primarily target Hikvision and Xiongmai devices with Telnet access.
Q: What tools are used by the attackers to detect vulnerabilities and circumvent authentication?
A: The attackers use the open-source tools Ingram and Medusa.
Q: Which TCP ports are commonly open for Internet access in the targeted devices?
A: The targeted devices typically have TCP ports 23, 26, 554, 2323, 567, 5523, 8080, 9530, and 56575 open for Internet access.
Q: Have there been similar attacks in the past?
A: Yes, there have been two large-scale series of attacks in the past: one targeting a US Department of Defense server and another targeting companies with DrayTek Vigor VPN routers infected with HiatusRAT.