
Hackers Use CCTV Cameras, Routers, and DVRs to Attack Telnet Ports

Posted: September 8, 2016

The Number of Embedded Devices Used by Attackers Grows

Last year, CZ.NIC, the Czech national top-level domain administrator, set up a few honeypots in an attempt to gather more information about the way hackers act these days. The researchers' main idea was to see how threat actors try to infiltrate a system through SSH – the most widely used remote connection protocol. They did decide to leave Telnet as a 'complimentary feature,' just to see if somebody still uses it. Hackers do use it, and they use it quite extensively.

It turns out that the IPs attempting brute-force attacks through Telnet outnumber the ones using SSH by a factor of two. Recently, the researchers observed a massive spike in the login attempts coming through the rather ancient protocol.

The number of unique IPs attacking the honeypots surged from around 30,000 at the beginning of May to more than 100,000 mere days later. The attacks came mainly from China, Brazil, India, Taiwan, and Vietnam. Curious, the researchers set off to find out what had caused the colossal increase in activity.

They decided to use a service called Shodan to inspect the attacking devices more closely. The results were rather surprising. It turns out that CZ.NIC's honeypots weren't attacked by a huge botnet of infected PCs and servers. Instead, the hackers used things like home routers, CCTV cameras, and DVRs.

It might sound far-fetched at first, but when you think about it, it starts to make sense. All these devices are connected to the internet, and all of them run firmware that can be vulnerable to infection. In fact, some of the vulnerabilities, particularly the ones related to DVRs manufactured by Dahua Technology, are worryingly old. The firmware providers have responded with patches in some cases, but by the looks of things, the hardware vendors have yet to fully implement them into their products.

Their slow reactions and Telnet's lack of encryption mean that hackers have yet one more way of compromising millions upon millions of systems. The threat actors know that very well.

In June, researchers from Arbor Networks reported that the number of DDoS botnets made up of IoT devices is growing and that they've been herded using a toolkit released by the infamous Lizard Squad hacking group. More recently, Level3 and Flashpoint said that there are more than 1 million embedded devices that are currently used in DDoS attacks.

According to experts, most of the devices have been compromised through open Telnet ports.
