Thousands of surveillance cameras (opens in new tab) are still vulnerable to an old exploit, and if companies don’t apply the fix, they risk Russian hackers taking over their endpoints and stealing their data.
According to cybersecurity researchers from CYFIRMA, the cameras in question are from Hikvision, one of the most popular video security systems (opens in new tab) providers out there. Its products were vulnerable to CVE-2021-36260, a command injection vulnerability in the web server triggered by sending a message containing malicious commands to the server.
According to a Beeping computer According to the report, the company identified and fixed the bug in September 2021, but many organizations have yet to apply the patch. In fact, around 80,000 cameras used by around 2,300 organizations around the world remain vulnerable.
Botnetting and Lateral Movement
The security camera exploit isn’t just a proof of concept either. There have reportedly been two attacks in the wild so far, one of which was used to extend Moobot, a botnet that used the compromised cameras for Distributed Denial of Service (DDoS) attacks.
In addition, CYFIRMA found that many Hikvision cameras were sold on Russian-language underground forums as entry points for lateral movement and “botnetting”.
“Using an External Threat Landscape Management (ETLM) analogy, cybercriminals from countries that may not have cordial relations with other nations could use the vulnerable Hikvision camera products to launch a geopolitically motivated cyberwar,” claims CYFIRMA.
If your company operates Hikvision cameras, there are a few things you should do, starting with updating the system’s firmware and software. After that, ensure that the system is thoroughly protected with a strong password and isolated from other important assets with a firewall.
About Bleeping Computer (opens in new tab)