Even though CCTV cameras can provide any business with greater protection against burglars and break-ins, they may actually be a security threat too. This is according to a blog post by Imperva’s Incapsula team, which says that under-protected CCTV cameras can give hackers access to your network resources.
Because an increasing number of CCTV surveillance systems have Internet connectivity, cyber criminals can compromise them and use them to launch DDoS attacks, flooding targeted websites with unwanted traffic in order to overwhelm their servers.
Although you can mitigate this risk through preventive measures such as over-provisioning with bandwidth, installing intrusion-detection systems or using 100TB Bare Metal Servers, it is highly recommended to stop hackers at the source.
The problem with CCTV cameras
In 2014, there were 245 million surveillance cameras operating across the globe. However, this only includes those installed by professionals, meaning there could be millions more in operation with even fewer security precautions.
CCTV surveillance systems featuring Internet connectivity come with default login credentials, which owners don’t always change. By working through a list of easy-to-guess usernames and passwords, dangerous malware can gain access to these CCTV systems and then launch Distributed Denial of Service (DDoS) attacks.
But rather than looking at what the cameras are filming, hackers target the small computer systems connected to the surveillance system instead. From there, they can launch further attacks and potentially shut down your website.
Details of a CCTV attack
Imperva’s Incapsula team shed light on this vulnerability because one of its clients was recently targeted by repeated HTTP flood attacks. Although the attack was described as ‘run of the mill,’ it soon became apparent that the offending IPs belonged to CCTV cameras, accessible via default login credentials.
The attack consisted of HTTP GET floods that peaked at around 20,000 RPS, with traffic originating from roughly 900 different CCTV cameras around the world. While the target was a rarely used asset of a large cloud service, it catered to millions of global users.
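One way a defender might spot this kind of distributed HTTP GET flood in web server access logs is shown below. It is an added example, not code from the Incapsula post. It flags any second in which the aggregate GET rate to one path is high and spread over many sources, and reports how many of those sources a per-client rate limit alone would have caught. The Common Log Format input, the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Common Log Format prefix: client IP, timestamp, method, path (assumed format).
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')

def detect_get_floods(lines, rps_threshold=50, min_sources=20, per_ip_limit=5):
    """Return one finding per (second, path) whose aggregate GET rate is high
    and spread over many client IPs. Thresholds are illustrative assumptions."""
    buckets = defaultdict(Counter)  # (second, path) -> requests per client IP
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group(3) != "GET":
            continue
        ip, ts, _, path = m.groups()
        second = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        # Ignore the query string so cache-busting parameters share one bucket.
        buckets[(second, path.split("?")[0])][ip] += 1
    findings = []
    for key in sorted(buckets):
        second, path = key
        per_ip = buckets[key]
        rps = sum(per_ip.values())
        if rps >= rps_threshold and len(per_ip) >= min_sources:
            findings.append({
                "second": second.isoformat(),
                "path": path,
                "rps": rps,
                "sources": len(per_ip),
                # Sources a per-client rate limit alone would have blocked.
                "over_per_ip_limit": sum(1 for n in per_ip.values() if n > per_ip_limit),
            })
    return findings

def sample_log():
    """Constructed sample: 3 normal requests, then 60 clients x 2 GETs in one second."""
    normal = [f'198.51.100.{i} - - [01/Jan/2024:12:00:00 +0000] "GET /index.html HTTP/1.1" 200 512'
              for i in range(1, 4)]
    flood = [f'203.0.113.{i} - - [01/Jan/2024:12:00:01 +0000] "GET /asset?x={n} HTTP/1.1" 200 64'
             for i in range(1, 61) for n in range(2)]
    return normal + flood

if __name__ == "__main__":
    for finding in detect_get_floods(sample_log()):
        print(finding)
```

In the constructed sample no single source exceeds the per-client limit, so only the aggregate per-path view reveals the flood.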
Another worrying aspect of this case study is that most of the compromised cameras had been logged into from multiple locations. Not only does this indicate that they were hacked by several different individuals, it also shows just how easy it is to exploit unsecured devices.
Key takeaways from CCTV cameras and DDoS attacks
The biggest lesson to be learnt from this example is that organisations should secure their CCTV cameras, as well as any other device featuring Internet connectivity, with unique login credentials that are changed regularly.
“We hope our story will raise awareness about the importance of basic security practices—as well as the threat posed by unsecured connected devices,” noted the blog post authors Ofer Gayer, Or Wilder, and Igal Zeifman. “Even as we write this article, we are mitigating another IoT DDoS attack, this time from an NAS-based botnet. And yes, you guessed it, those were also compromised by brute-force dictionary attacks.
“Whether it is a router, a Wi-Fi access point or a CCTV camera, default factory credentials are there only to be changed upon installation.”