A new DDoS attack powered entirely by compromised CCTV units

Security researchers at Sucuri have revealed a unique new DDoS attack launched against a small business, which was powered entirely by thousands of compromised CCTV units.

25,513 IP addresses were spotted, with a plurality in Taiwan, the US and Indonesia, although they were spread across 105 countries in total.

By far the largest number of the devices were H.264 DVR units, which may have been compromised via a recently disclosed RCE bug in CCTV-DVR.

From Sucuri Blog:

It was a layer 7 attack (HTTP Flood) generating close to 35,000 HTTP requests per second (RPS) which was more than their web servers could handle.

In this case, however, after the site came back up, the attacks increased their intensity, peaking to almost 50,000 HTTP requests per second. It continued for hours, which turned into days.

Since this type of long-duration DDoS is not so common, we decided to dive into what the attackers were doing, and to our surprise, they were leveraging only IoT (Internet of Things) CCTV devices as the source of their attack botnet.
