Every day, new worms, hacks, botnets, and more get unleashed onto the Internet. Targeting exposed systems, these hacks can often cause serious issues. A particularly challenging new botnet called Persirai threatens to cause damage and take over more than 122,000 exposed IP cameras around the world. What will this mean for you? Let’s break it down.
What Is The Persirai Botnet?
Persirai is a brand new botnet discovered by the company Trend Micro. It is specifically designed to target vulnerable IP camera models. In particular, more than 1,000 models are targeted, resulting in over 122,000 vulnerable cameras. Trend Micro discovered what the Persirai botnet was after by looking through a database collected by the Internet of Things (IoT) search engine known as Shodan.
What Will The Persirai Botnet Do?
The Persirai botnet is thought to be similar to the Mirai botnet that appeared last fall. As some in the industry might remember, the Mirai botnet was responsible for the largest DDoS (Distributed Denial of Service) attack. Simply put, experts are taking Persirai seriously and not letting this particular piece of malware out of their sight. Prevent this from happening to you by knowing what it does and what you can do to stop it.
How Does The Persirai Botnet Work?
The Persirai botnet works by accessing IP cameras that have an open port on the user’s router. Persirai uses a vulnerability in these cameras to perform a command injection and take over the system. Typically, the world of hacking is open, as people borrow and change code to create new malware. However, the developers of Persirai have gone as far as to block the exploit from other hackers, so that nobody else can use it on the same cameras. With the infected IP addresses all to themselves, the Persirai operators can generate better-directed attacks.
The first thing an attacker does is access the IP camera via an open port. A script is then installed that commands the IP camera to access a website. Once accessed, the website automatically downloads a malicious script. The malicious script then executes on the server, essentially taking it over. Once this is completed, the camera will be roped into future botnet and DDoS attacks as determined by the malware creators. It can also be used to exploit other camera features, potentially taking away much of your privacy.
Vulnerable IP Cameras By Country
The most vulnerable single country is China with more than 20% of the vulnerable IP cameras. Thailand and the US come in 2nd place with around 10% each. Mexico, Brazil, UK, Italy, Hong Kong, Japan, and South Korea all have at least 3% of the potentially affected IP cameras. Roughly 35% are distributed in small amounts in the remaining countries.
Steps You Can Take To Counter The Persirai Botnet
Originally, the IP cameras were perfectly secure. However, when the manufacturers released new devices with credentials that were set to default, it became incredibly easy to access the technology and hack it. Anyone who has a generic admin name and password can have their system hacked and their camera exploited.
You have no doubt heard this piece of advice again and again. Make sure you have a strong password. It is the first and most critical way that you can secure your system against hack attempts. Change the generic settings to something custom and save yourself a lot of hassle down the road.
Another thing you can do is to disable the Universal Plug and Play feature. Also known as UPnP, it creates a possible security hole that people can use to access your IP camera. This will also help stop the camera from opening ports on your router without your knowledge.
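As an added example (not from the original article or from Trend Micro), the Python script below audits a router's UPnP port-forward list for entries that expose a camera to the Internet. It assumes the listing follows the layout printed by miniupnpc's `upnpc -l`; the sample listing, the addresses and the `camera_ips` inventory are constructed for illustration.

```python
import re

# Constructed sample, laid out like the mapping table printed by `upnpc -l`
# (miniupnpc). Addresses, ports and descriptions are made up.
SAMPLE_LISTING = """\
ExternalIPAddress = 203.0.113.7
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
 0 TCP    81->192.168.1.50:81    'IPCAM' '' 0
 1 UDP  6881->192.168.1.10:6881  'bittorrent' '' 0
 2 TCP 10554->192.168.1.50:554   'IPCAM-rtsp' '' 0
GetGenericPortMappingEntry() returned 713 (SpecifiedArrayIndexInvalid)
"""

# One forward per row: index, protocol, external port -> internal host:port, 'description'
MAPPING_RE = re.compile(
    r"^\s*\d+\s+(?P<proto>TCP|UDP)\s+(?P<ext_port>\d+)->"
    r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}):(?P<int_port>\d+)\s+'(?P<desc>[^']*)'"
)


def parse_mappings(listing):
    """Return one dict per port-forward row; header and status lines are skipped."""
    rows = []
    for line in listing.splitlines():
        m = MAPPING_RE.match(line)
        if m:
            row = m.groupdict()
            row["ext_port"] = int(row["ext_port"])
            row["int_port"] = int(row["int_port"])
            rows.append(row)
    return rows


def exposed_cameras(listing, camera_ips):
    """Return the forwards that make a known camera reachable from the Internet."""
    return [r for r in parse_mappings(listing) if r["host"] in camera_ips]


if __name__ == "__main__":
    # Assumption: camera_ips is your own inventory of camera LAN addresses.
    cameras = {"192.168.1.50"}
    for r in exposed_cameras(SAMPLE_LISTING, cameras):
        print(f"camera {r['host']} exposed: {r['proto']} "
              f"{r['ext_port']} -> {r['int_port']} ({r['desc']})")
```

Any row this reports is a port the camera asked the router to open; after disabling UPnP on the camera and router, the same check should return nothing.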
The Future Of Persirai Botnet
Like so many other pieces of malware before it, the Persirai botnet will eventually run its course. However, unless you take steps to protect your system, you may find yourself vulnerable. In addition, there will be countless pieces of malware in the future that will threaten your technology. Take a step in the right direction by securing your electronics, changing your passwords, and staying a step ahead of the hackers. Your goal is to reduce your profile and be less of a target.