Have you ever wondered just how vulnerable the devices in your home or business really are? In our increasingly connected world, the gadgets that make our lives easier can also pose serious security risks. Recently, a troubling revelation has come to light: unpatched CCTV cameras are being exploited to spread a variant of the notorious Mirai malware.
The Unpatched CCTV Camera Crisis
An Unseen Vulnerability
Security researchers at Akamai have identified a glaring issue in AVTECH CCTV cameras that are commonly employed in critical infrastructure. The discovered vulnerability, tagged as CVE-2024-7029, resides in the device’s brightness function and allows for remote code execution (RCE). While it might sound technical, what this means is that cyber attackers can control these cameras without needing physical access.
Named in an advisory by the Cybersecurity and Infrastructure Security Agency (CISA) in August 2024, this defect is notable for how simple it is to exploit, for being exploitable remotely, and for already being publicly exploited. Despite its high CVSS score of 8.7, which indicates substantial risk, no patch has yet been released to address this vulnerability.
The Proof-of-Concept (PoC)
Interestingly, the proof-of-concept for CVE-2024-7029 has been publicly accessible since at least 2019. Yet, it was only formally assigned a CVE number in August 2024. The timing leaves one wondering: why did it take so long to get the attention it deserved? Meanwhile, cybercriminals had ample time to exploit this gaping security flaw.
Exploitation by Mirai Variant
An Evolving Threat
Akamai’s Security Intelligence and Response Team (SIRT) has flagged a botnet campaign that leverages this vulnerability to disseminate a Mirai variant dubbed “Corona Mirai.” The campaign, first detected on March 18, 2024, has roots tracing back to December 2023.
The Corona Connection
Why is it called “Corona Mirai”? This specific Mirai variant includes string names referencing the COVID-19 virus, a nod to its active timeline since 2020. Cybercriminals exploited the command injection vulnerability to execute a JavaScript file that fetches and launches the Mirai malware payload. Once delivered, the malware can connect to multiple hosts via Telnet on ports 23, 2323, and 37215, even printing the string “Corona” on an infected host’s console screen.
Other Vulnerabilities
This campaign did not stop at CVE-2024-7029. It also targeted several other zero-day vulnerabilities that remain unpatched, including Hadoop YARN RCE (CVE-2014-8361) and Huawei devices affected by CVE-2017-17215. This broad approach underscores a worrying trend: attackers frequently exploit older, seemingly low-priority vulnerabilities we often overlook.
Why Older Vulnerabilities Are Still Dangerous
A Concerning Trend
Researchers from Akamai note that malicious actors running these botnets are increasingly opting for newer and under-the-radar vulnerabilities to spread their malware. The exploitation of CVE-2024-7029 is a glaring example of this, highlighting a growing trend of using overlooked vulnerabilities to achieve malicious ends.
Quotes from Researchers
Akamai’s SIRT researchers have observed, “Malicious actors who operate these botnets have been using new or under-the-radar vulnerabilities to proliferate malware. CVE-2024-7029 is another example of using the latter, which is becoming an increasingly popular attack trend.”
Defensive Measures
The Lack of a Patch
Currently, there is no available patch for CVE-2024-7029. This makes it crucial for organizations, especially those using AVTECH IP camera devices, to develop alternative strategies to mitigate risk.
Recommendations from Experts
If your organization relies on hardware or software affected by such vulnerabilities, two primary defensive strategies are advisable:
- Decommission the Impacted Hardware: When no patch or immediate solution is in sight, the best course of action may often be to decommission the vulnerable hardware completely.
- Heightened Vigilance in IoT Security: Regularly updating and monitoring Internet of Things (IoT) devices can mitigate risks. Implementing strong passwords, employing network segmentation, and utilizing firewalls are vital practices for maintaining security.
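As an added example (not taken from the Akamai report or the original article), one way to put the monitoring advice into practice is to flag cameras that initiate TCP connections to the Telnet ports named above (23, 2323 and 37215). The flow-record format, the camera subnet and the fan-out threshold are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# Ports the article lists for the Corona Mirai variant's Telnet connections.
CORONA_TELNET_PORTS = {23, 2323, 37215}
# Assumption: cameras sit in their own segment; this range is hypothetical.
CAMERA_NET = ipaddress.ip_network("10.20.30.0/24")

# Constructed sample records: timestamp src dst proto dst_port action
SAMPLE_FLOWS = """\
2024-08-30T02:14:07Z 10.20.30.11 203.0.113.5 tcp 23 allow
2024-08-30T02:14:08Z 10.20.30.11 203.0.113.9 tcp 2323 allow
2024-08-30T02:14:08Z 10.20.30.11 198.51.100.77 tcp 37215 deny
2024-08-30T02:14:09Z 10.20.30.11 198.51.100.78 tcp 23 deny
2024-08-30T02:15:00Z 10.20.30.12 10.20.40.5 tcp 554 allow
2024-08-30T02:16:30Z 10.20.30.13 192.0.2.10 tcp 23 deny
2024-08-30T02:17:00Z 10.20.50.7 203.0.113.5 tcp 23 allow
truncated-record 10.20.30.14
"""


def parse_flow(line):
    """Parse one record; return (src, dst, proto, port) or None if malformed."""
    fields = line.split()
    if len(fields) != 6:
        return None
    _ts, src, dst, proto, port, _action = fields
    try:
        return ipaddress.ip_address(src), dst, proto.lower(), int(port)
    except ValueError:
        return None


def telnet_from_cameras(flow_text, fanout=3):
    """Map camera IP -> verdict for cameras initiating TCP to the listed ports.

    Denied attempts count too. One destination is already abnormal for a
    camera ("telnet-out"); `fanout` or more distinct hosts is "spreading".
    """
    targets = defaultdict(set)
    for line in flow_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue  # skip malformed records instead of failing the run
        src, dst, proto, port = flow
        if src in CAMERA_NET and proto == "tcp" and port in CORONA_TELNET_PORTS:
            targets[str(src)].add(dst)
    return {ip: "spreading" if len(dsts) >= fanout else "telnet-out"
            for ip, dsts in targets.items()}
```

A camera has no reason to open outbound Telnet sessions, so either verdict is grounds to isolate the device and review the firewall rules for its segment.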
Related Concerns in the Cyberworld
Other IoT Vulnerabilities
The IoT ecosystem is not new to security issues. Consider the many WiMAX routers that have been reported open to hijacking, spying, and even botnet enslavement.
Examples:
- News Date: 14 Jun 2017
- Threats: WiMAX Routers
User Responsibility
Users must take an active role in securing their devices. For instance, although recommendations are readily available, many users still neglect fundamental security measures like changing default passwords.
Opinion Commentary:
- News Date: 15 Feb 2017
- Verification Question: Will Users secure their IoT Devices?
Dark Web Threats
The dark web continues to be a bustling marketplace for DDoS attacks orchestrated through IoT devices.
Examples:
- News Date: 22 Sep 2023
- Dark Web Ads: Over 700 Dark Web Ads Offering DDoS Attacks
Constant Evolution of Botnets
Botnets constantly evolve, targeting all manner of IoT and traditional computing devices with new exploits.
Recent Analyses Include:
- News Dates: 10 Oct 2023, 23 Sep 2023, 16 May 2022
- Targets: IoT Devices and OS Systems
Staying Informed and Prepared
Keeping Up with Cybersecurity News
Staying informed about emerging threats is essential. Cybersecurity publications like Infosecurity Magazine offer regular updates on the latest in cyber threats and defense strategies.
Hot Topics:
- Commercial Spyware Exploits
- Published Vulnerabilities Surge
- International Cyber Espionage
Taking Proactive Measures
Regular webinars and training sessions can help organizations better understand and mitigate risks. Infosecurity Magazine and similar platforms also offer events like online summits to discuss the state of cybersecurity.
Webinar Examples:
- Optimizing Third-Party Risk
- Securing Industrial IP
- Threat Hunting Tactics
Conclusion
By understanding the vulnerability landscape and taking proactive defensive measures, you can significantly enhance your cybersecurity posture. Unpatched CCTV cameras like those from AVTECH demonstrate that even the most mundane of devices can turn into substantial security risks if neglected. Staying vigilant, informed, and proactive is your best defense against these ever-evolving cyber threats.
Source: https://www.infosecurity-magazine.com/news/unpatched-cctv-cameras-exploited/