New IoT malware targeting over 100,000 internet-connected cameras

'There is no room for security shortcuts. Product companies must build in various security mechanisms to reduce the risk of attacks – including strong authentication, encryption and the like. Thorough evaluation of the security implications will ultimately save time and cost of flaws discovered down the road'

There are reports a new IoT malware is spreading through over 100,000 internet-connected cameras via recently disclosed vulnerabilities in products

The malware is called Persirai and was found infecting Chinese-made wireless cameras last month, according to security firm Trend Micro. This affected up to 1,250 camera models – or around 120,000 cameras – according to the report.

The researcher who discovered the IoT vulnerability – and released his knowledge of it – said that the malware allowed the cyber attackers to remotely access the cameras, implant code and hijack them.

>See also: The security challenges with the Internet of Things

“The security researcher, a white hat, may have had the best intentions with releasing a full disclosure on these vulnerabilities,” Marshal Webb, CTO of BackConnect, a DDoS protection provider said. “But now they’re just out there, making it convenient for anyone to exploit.”

This type of malware infects cameras to form a botnet, which can then launch DDoS attacks to cripple websites.

However, Webb said that although the Persirai-powered botnet can launch DDoS attacks, it is at the moment not carrying out assaults, probably because the malware attackers are still looking at how best to use it.

>See also: Fighting back against Mirai botnet

Ryan Lester, Director of IoT Strategy at Xively by LogMeIn said that “these incidents with Persirai are another reminder of what is at stake with the Internet of Things. IoT has the potential to transform the way we live and work but product companies need to understand the complexities around its security to get the best out of it.”

“There is no room for security shortcuts. Product companies must build in various security mechanisms to reduce the risk of attacks – including strong authentication, encryption and the like. Thorough evaluation of the security implications will ultimately save time and cost of flaws discovered down the road.”

Nominations are now open for the Tech Leaders Awards 2017, the UK’s flagship celebration of the business, IT and digital leaders driving disruptive innovation and demonstrating value from the application of technology in businesses and organisations. Nominating is free and simply: just click here to enter. Good luck!

This article is tagged with: