Wednesday 24 May 2017, Poradnik bezpieczeństwa

Persirai – A new IoT botnet targets IP cameras

Lost24

Internet Protocol (IP) webcams can be infected with a new Internet of Things (IoT) botnet called Persirai.

It has been estimated that almost 2000 IP cameras' models of various brands are vulnerable to the Persirai's attacks, due to several flaws found in there firmware (software built into the device that provides basic operating procedures). The vulnerabilities can be easily exploited by cybercriminals in variety of ways, for example by commandeering the vulnerable devices as minions in Distributed-Denial-of-Service (DDoS) attacks.

Fortunately, so far no main DDoS assaults utilizing Persirai have been detected, however this might be the preliminary staging for an additional main assault.

The security experts from Trend Micro claim that the faulty firmware was developed by unnamed Chinese Original Equipment Manufacturer (OEM).

Qihoo 360 analysts have found that, in China alone, over 43000 video cameras are infected by the Persirai.

The maleware is particulary dangerous because it has the ability to scan the Internet for vulnerable devices.
Persirai also takes steps to hide itself by deleting itself from the device once it has been installed to continue to run only in memory. At the same time it blocks the new exploit on the infected device to prevent other hackers and botnets from being able to gain access.

According to the Computerworld portal, camera users can protect themselves by either blocking the at-risk cameras from being accessible from the public Internet, or installing a firmware update from the manufacturers.