[MART] - Diary Diary #580 - Initial Access - Manipulation of CCTV Cameras

ctas-mat at appgate.com ctas-mat at appgate.com
Wed Aug 24 21:32:52 UTC 2022


I hope everyone is doing well!

Below is the entry for today.

08/24/2022 - Diary entry #580:

In our Daily Diary #420, we begin to cover malware techniques and their variations. Today we will cover a technique targeting CCTV (Closed Circuit Television) cameras that attackers use to gain initial access to organizations.

As mentioned in our Daily Diary #515, "Initial Access refers to the first step of compromise that can leverage access to a computer, system, or user accounts". In some cases, vulnerable CCTV camera systems accesses are purchased by criminals on hacking forums for building a botnet or to perform lateral movement.

Threat actors usually target CCTV cameras using exploits (such as CVE-2021-36260, a command injection vulnerability) and exploiting weak passwords set by users or that come with the device by default. After gaining access to the control system, the attackers have the possibility of altering the recordings, and even executing malware payloads such as DDoS botnets.

While manufacturers have been patching these vulnerabilities through firmware updates, many organizations have yet to apply the security update. That's why we recommend organizations and users with CCTV camera networks to patch software to the latest version, use a strong password, and limit who can access the CCTV system externally.

Kind Regards,

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/mart/attachments/20220824/52408f47/attachment.htm>

More information about the MART mailing list