430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Cyber Crime

How hackers are exploiting vulnerable DVRs to conduct illegal activities

Security experts discovered a new malware that targets DVR and other Internet of Things devices recruiting them for different illegal activities. DVR, abbreviation for Digital Video Recorders systems, from Hikvision firm are affected by vulnerabilities that allow an attacker to hack them remotely. Digital Video Recorders are systems used to record surveillance footage of office buildings and […]

How hackers are exploiting vulnerable DVRs to conduct illegal activities

Security experts discovered a new malware that targets DVR and other Internet of Things devices recruiting them for different illegal activities.

DVR, abbreviation for Digital Video Recorders systems, from Hikvision firm are affected by vulnerabilities that allow an attacker to hack them remotely.

Digital Video Recorders are systems used to record surveillance footage of office buildings and surrounding areas in digital format on several mass storage devices.

A hacked DVR could by be abused by threat actors to manipulate the images recorded by the device, for example, deleting them from the support, as an entry point in the network that hosts the equipment or to run a DDoS attack.

Hacking a DVR could allow an attacker to target PoS systems located on the same network and any other vulnerable machines. A hacked DVR could be recruited as part of a botnet and be used for various illegal activities, such as running DDoS attacks or Brute-force attacks or to mine Bitcoins.

Security researcher Johannes Ullrich, an instructor at the SANS Technology Institute, first reported that malicious software was infecting the Hikvision DVRs trying to propagate itself to other machines on the network. The malicious code was also able to mine Bitcoins abusing of the computational resources of the digital equipment.

Despite this kind of malware is compiled for bot Windows and Linus OSs, the malicious code discovered by the researcher “was actually complied for the ARM processor that’s running these devices so they kind of knew what they were into.”

Ullrich also discovered other infections related to the same malware that compromised other devices like routers. The fact the the attacker compiled the code for ARM architecture demonstrate the great attention of cybercrime in the exploitation of resources of Internet of Things devices.

DVR surveilance

Security experts at Rapid7 discovered that nearly 150,000 of Hikvision DVRs devices exposed on the Internet could be accessed remotely due to the exploitation of a still unpatched devices.

“This is especially troubling given that a similar vulnerability (CVE-2013-4977) was reported last year, and the product still appears unpatched out of the box today,” reports Rapid7.

A blog post published by Rapid7 firm explains the impact of the vulnerabilities affecting several devices in the wild..

“Rapid7 Labs has found multiple vulnerabilities in Hikvision DVR (Digital Video Recorder) devices such as the DS-7204 and other models in the same product series that allow a remote attacker to gain full control of the device. ” states the post.

“[Hikvision] DS-7204 and other models in the same product series that allow a remote attacker to gain full control of the device. More specifically, three typical buffer overflow vulnerabilities were discovered in Hikvision’s RTSP request handling code: CVE-2014-4878, CVE-2014-4879 and CVE-2014-4880. This blog post serves as disclosure of the technical details for those vulnerabilities. In addition, a remote code execution through a Metasploit exploit module has been published.”

A Metasploit module is available to hack into unpatched DVRs exploiting the flaws.

Rapid7 attempted to report the flaw to Hikvision several times since September, but the company never replied to the security experts, which decided to publicly disclose the vulnerability.

Pierluigi Paganini

(Security Affairs –  DVR, Internet of Things)