Hikvision released a firmware update in September 2021 that addressed the vulnerability, which is tracked as CVE-2021-36260.
Hikvision is a company specializing in manufacturing and supplying video surveillance equipment. This company is a state-owned Chinese manufacturer that provides its services and equipment to civilians and the military.
The Moobot botnet, which is based on Mirai, abused this vulnerability in December 2021. The attacker aggressively enrolled the vulnerable systems into a DDoS swarm that could then be used to launch attacks.
CYFIRMA told Cyber Security News about this incident: "From an External Threat Landscape Management (ETLM) analogy, cybercriminals from countries that may not have a cordial relation with other nations could use the vulnerable Hikvision camera products to launch a geopolitically motivated cyber warfare. Cybercriminals and state-sponsored hacker groups could very easily collaborate using this avenue as an opportunity for mutual gains and to further their interests."
The experts analyzed more than 285,000 internet-accessible Hikvision web servers. Approximately 80,000 of them are still vulnerable, which remains a large number.
These are some of the countries that have the greatest number of endpoints:-
- The United States
- The United Kingdom
- South Africa
- The Netherlands
Because multiple threat actors are currently exploiting this flaw, exploitation does not follow a single pattern.
It's also important to note that devices are often left with weak default passwords, whether for convenience or to preserve functionality.
There are a number of recommendations mentioned below that should be followed if you are operating a Hikvision camera:-
- Ensure you are using the latest version of the firmware available on your device.
- Keep your passwords strong at all times.
- Use a firewall or VLAN to isolate the IoT network from critical assets.
- Change passwords regularly.