Researchers discovered over 25,000 hacked internet-connected CCTV cameras being used in DDoS attacks to hammer websites; the denial-of-service botnet could deliver a whopping 50,000 HTTP requests per second.

Over 25,000 hacked internet-connected CCTV cameras are being used for a denial-of-service botnet, according to researchers from the security firm Sucuri.

The discovery came after Sucuri mitigated a DDoS attack against a jewelry store site; it had been generating 35,000 HTTP requests per second. But after bringing the website back up, researchers said the attacks increased to nearly 50,000 HTTP requests per second. When the attack continued for days, the researchers discovered the attack botnet was leveraging only IoT CCTV devices, which were located across the globe.

Although this is not the first CCTV-based DDoS botnet discovered (900 had been used in attacks last year), it is the largest yet to be discovered.

“It is not new that attackers have been using IoT devices to start their DDoS campaigns,” Sucuri wrote. “However, we have not analyzed one that leveraged only CCTV devices and was still able to generate this quantity of requests for so long.”

The researchers determined 25,513 unique IP addresses were being used to generate the DDoS attack. One hundred five countries had compromised CCTV devices used in the attack. Twenty-five percent of the malware-infected devices were located in 95 different countries, but the top 10 countries with the most compromised CCTV devices accounted for 75 percent of locations. Those countries were:

Another interesting aspect of the attack was that about 5 percent of the IPs came from IPv6.
Sucuri said it doesn’t “see many DDoS attacks leveraging IPv6 yet, [but] that’s a change we expect to keep happening as IPv6 becomes more popular.”

Forty-six percent of the CCTV cameras used in the attack had default H.264 DVR logos, but the entire vendor distribution looked like this:

While the researchers cannot say for certain how more than 25,000 IoT CCTV devices were compromised, they suspect the devices “might have been hacked via a recently disclosed RCE vulnerability in CCTV-DVR.” Back in March, security researcher Rotem Kerner discovered an RCE flaw affecting DVR devices used by CCTV cameras sold by more than 70 vendors.

The DDoS attack “was a variation of the HTTP flood and cache bypass attack.” It leveraged random referrers and user-agent combinations in an attempt to emulate normal browser behavior in order to make it more challenging to identify and block the malicious requests. Engadget, Google and USA Today were the most popular referrers, and the user-agents were those of the most popular browsers.

Sucuri wrote:

“Unfortunately, as website owners, there is not much you can do to get those 25,000+ CCTVs fixed and protected. You also can’t do much to fix the millions of vulnerable devices on the internet that can be used as botnets and DDoS amplification methods.”

The security firm said it is “in the process of reaching out to the networks that have these unprotected and compromised cameras, but that’s just one small piece of the problem. Once the cameras are patched, the attackers will find other easily hacked devices for their botnets.”
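The random referrer and user-agent combinations described above leave a trace a site owner can look for in access logs: one client address presenting a different User-Agent on nearly every request. The sketch below is an added example, not code from Sucuri or from the original article; it assumes Combined Log Format, and the function name, thresholds, addresses, referrer URLs and User-Agent strings are all constructed for illustration.

```python
import re
from collections import defaultdict

# Combined Log Format; \S+ for the client also matches IPv6 addresses.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ \S+ [^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

def rotating_clients(lines, min_requests=4, min_ratio=0.75):
    """Map each flagged client IP to (requests, distinct UAs, distinct referers).

    A browser keeps one User-Agent across requests; a client that presents a
    new one on nearly every request is randomizing its headers.
    """
    seen = defaultdict(lambda: {"n": 0, "ua": set(), "ref": set()})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # ignore lines that are not in Combined Log Format
        stats = seen[m["ip"]]
        stats["n"] += 1
        stats["ua"].add(m["ua"])
        stats["ref"].add(m["referer"])
    return {
        ip: (s["n"], len(s["ua"]), len(s["ref"]))
        for ip, s in seen.items()
        if s["n"] >= min_requests and len(s["ua"]) / s["n"] >= min_ratio
    }

def _line(ip, ua, ref):
    return f'{ip} - - [01/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 512 "{ref}" "{ua}"'

# Constructed sample data: documentation-range addresses, made-up User-Agents.
UAS = [f"Mozilla/5.0 (constructed-sample-{i})" for i in range(5)]
REFS = ["https://www.engadget.com/", "https://www.google.com/", "https://www.usatoday.com/"]
SAMPLE_LOG = (
    [_line("203.0.113.7", UAS[i], REFS[i % 3]) for i in range(5)]     # rotating, IPv4
    + [_line("2001:db8::c7", UAS[i], REFS[i % 3]) for i in range(4)]  # rotating, IPv6
    + [_line("198.51.100.20", UAS[0], "-") for _ in range(5)]         # one browser
    + [_line("192.0.2.50", UAS[i % 2], "-") for i in range(6)]        # NAT, two browsers
)

if __name__ == "__main__":
    for ip, (n, uas, refs) in sorted(rotating_clients(SAMPLE_LOG).items()):
        print(f"{ip}: {n} requests, {uas} user-agents, {refs} referers")
```

The ratio test keeps a shared NAT address with a few real browsers out of the result, since each of those browsers repeats its own User-Agent many times.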