Persirai is building up a botnet of wireless cameras

May 11, 2017 08:23 GMT

A brand new piece of IoT malware has been discovered spreading like wildfire, having already infected over 100,000 Internet-connected cameras.

Called Persirai, the new malware has been working on infecting Chinese-made wireless cameras since April, cyber security company Trend Micro says. The malware managed to infect so many devices by exploiting flaws in the cameras reported back in March.

At that time, security researcher Pierre Kim discovered that numerous wireless cameras were affected by a vulnerability that allowed attackers to execute code remotely, making for a highly effective hijack. According to his claim, at least 1,250 camera models produced by a Chinese manufacturer carry the bug, which means there are plenty more cameras that could get hacked.

Trend Micro says that, over the past month, it noticed new malware spreading by exploiting the very same products that were affected by the reported vulnerability.

"It goes to show that the people behind this are probably more aware of how to use these vulnerabilities," noted Jon Clay, Trend Micro director of global threat communications.

According to the company, a Shodan search shows that about 120,000 cameras are vulnerable to the malware.

The purpose of this malware, it seems, is to infect these cameras and form a botnet, as is usually the case with IoT malware. Such botnets can be used to carry out DDoS attacks in order to force sites offline. So far, the Persirai botnet hasn't been used for any website attacks, but that's mostly because its creators seem to be still testing the waters.

An interesting detail about this malware, Trend Micro notes, is that once it infects a device, it blocks anyone else from exploiting the same vulnerabilities.

While its code is different, it does borrow certain functions from Mirai, namely those used to scan the Internet for new devices to infect.

The name of the manufacturer has not been released and will remain undisclosed until the patch is published.

The IoT danger

"Since all consumer grade IP cameras I am aware of do not use secure (certificate based) authentication, along with the inordinate number of known vulnerabilities found in such devices, I believe it is just a matter of time before all cameras globally fall prey to such attacks. I also believe the time is very short," said Mike Ahmadi, Global Director, Critical Systems Security at Synopsys.

"Reports of the Persirai botnet reinforce recent indications that hackers are reverting to more traditional malware techniques to launch DDoS attacks, as conventional methods, such as reflection and amplification, become harder to leverage, at a scale which delivers the required impact," adds Sean Newman, director at Corero Network Security.

"With this step up in sophistication, past the simple brute-force login techniques utilised by Mirai, to exploit hidden vulnerabilities in the software itself, makes it notably harder for the attackers’ efforts to be thwarted at source. Even if vendors start putting effort into better securing their IoT devices, eliminating all vulnerabilities in their core software is a much harder task, suggesting DDoS attacks exploiting armies of IoT devices are going to be around for the foreseeable future."