Security researchers have found a vulnerability in over 80.000 HIKvision security cameras. The company has been providing a firmware update for some time, but only a few have installed it. Cyber gangsters are now using the cameras for their DDoS botnet.
Security researchers have already discovered a vulnerability in over 80.000 Hikvision cameras over the past year that can easily be exploited. The error is defined in CVE-2021-36260 and was fixed by Hikvision via a firmware update in September 2021. But, according to a whitepaper published by CYFIRMA, thousands of systems used by 2.300 organizations in 100 countries still haven't applied the security update.
Security cameras misused for DDoS attacks
As early as December 2021, a Mirai-based botnet called "Moobot" was probably using the special exploit to spread aggressively and involve systems in DDoS (Distributed Denial of Service) swarms. Also the mentioned cameras. In January 2022, CISA warned that the CVE-2021-36260 vulnerability was being actively exploited.
In addition to the vulnerability, many operators probably use extremely weak passwords that are easy to hack. There are even free password lists in various Darknet forums. All Hikvision camera operators should install the latest firmware update, use strong passwords, and better secure their IoT network.
More at HIKvision.com