Thousands of security cameras are still vulnerable to an old exploit, and unless organizations move to apply the fix, they risk Russian hackers taking over their endpoints and stealing their data.
According to cybersecurity researchers at CYFIRMA, the cameras in question are made by Hikvision, one of the most popular video security system providers out there. Its products were vulnerable to CVE-2021-36260, a command injection vulnerability in the device's web server that is triggered by sending the server a message containing malicious commands.
As per a BleepingComputer report, the company identified and fixed the flaw in September 2021, but many organizations are yet to apply the patch. In fact, some 80,000 cameras, used by some 2,300 organizations all over the world, remain vulnerable.
Botnetting and lateral movement
The security camera exploit isn't just a proof of concept, either. Reports suggest there have so far been two attacks in the wild, one of which was used to expand Moobot, a botnet that used the compromised cameras for distributed denial of service (DDoS) attacks.
Furthermore, CYFIRMA found many Hikvision cameras being sold on Russian-speaking underground forums as entry points for lateral movement and “botnetting”.
"From an External Threat Landscape Management (ETLM) analogy, cybercriminals from countries that may not have a cordial relation with other nations could use the vulnerable Hikvision camera products to launch a geopolitically motivated cyber warfare," CYFIRMA claims.
If your firm operates Hikvision cameras, there are a couple of things you should do, starting with updating the system’s firmware and software. After that, make sure the system is thoroughly protected with a strong password, and isolated from other important assets with a firewall.