- Researchers from Trend Micro have detected a new Internet of Things (IoT) botnet called ‘Persirai’ targeting 1000 internet protocol (IP) cameras.
- Many of these vulnerable users are unaware that their IP Cameras are exposed to the internet, which makes it significantly easier for the perpetrators behind the malware to gain access to the IP Camera web interface via TCP Port 81, Trend Micro added.
- Once commands from the sever have been received, the IP Camera will exploit a zero-day vulnerability to automatically attack other IP cameras, allowing attackers to get the password file from the user, giving them the means carry out command injections regardless of password length.
- What’s more, Trend Micro explained that the affected IP Camera receives a command from the C&C server, instructing it to perform a DDoS attack on other computers via User Datagram Protocol (UDP) floods.
- As a large number of these types of attacks are caused by the use of the default password in the device interface, Trend Micro urged users to change their default password as soon as possible and use a strong password for their devices, although a strong password alone does not guarantee device security.
@MASERGY: “New #IoT #botnet targets IP cameras! #Network” open tweet »