Last month a significant internet attack caused outages and network congestion on many websites. New data suggests that this attack was powered with the help of hacked Internet of Things devices such as CCTV cameras and digital video recorders. We look at how this happened and give you some advice to protect your business against a future attack.
If you use a network video recorder (NVR) to record video in a digital format and store on a device in an IP video surveillance system then this advice is aimed towards you.
In October cyber criminals began training their attack cannons on Dyn, an Internet infrastructure company that provides critical technology services to some of the Internet’s top destinations. The attack began creating problems for Internet users reaching an array of sites, including Twitter, Amazon, Tumblr, Reddit, Spotify and Netflix.
It seems that the attack involved Mirai which is a malware strain. Mirai scours the Web for Internet of Things (IoT) devices protected by little more than factory-default usernames and passwords. It then enlists the devices in attacks that hurl junk traffic at an online target until it can no longer accommodate legitimate visitors or users.
The botnet used in the attack is built on the backs of hacked IoT devices — mainly compromised digital video recorders (DVRs) and IP cameras made by Chinese hi-tech companies. Many of these products from makers of inexpensive, mass-produced IoT devices are essentially unfixable, and will remain a danger to others unless and until they are completely unplugged from the Internet.
These cheap, poorly-secured hardware devices should be avoided as they are not always the bargain that they seem. The cheaper products have their password hardcoded into it and it is very difficult or sometimes impossible to change it.
CCTV cameras, NVR, DVR and other security equipment should only be sourced from reputable installers. It is important to change the passwords on your NVR to make it more difficult for them to be hacked. The product may come with a default username and password but if you do not change this to something specific to you then you are leaving yourself wide open to hackers. Your installer or one of our expert technicians would be happy to explain how to do this.
Brian Krebs, New York Times Bestseller and former Washington Post Journalist writes in detail about this recent cyber attack. He agrees with our experts on the value of buying from a reputable supplier. If you want to read more about it you can do so via this link.
At Northwood Technology we only distribute the highest quality security products and that is why we are known and trusted by Ireland’s best installers. We like to keep our clients up to date on the latest security issues by sharing our expert advice. If you have any concerns about cyber security and your security hardware please get in touch. You can contact us at our Dublin office 01 8601880 or our Cork office 021 2066853. We would be happy to put you in touch with a local installer.