Persirai, new botnet attacking Chinese security cameras

Security experts at Trend Micro have discovered a new botnet, Persirai, that has already hit around 120 thousand Chinese security cameras

Computer security threats caused by Internet of Things devices are nothing new. After a brief stall, however, hackers seem to be back in charge with a new attack that could affect several surveillance cameras created by Chinese companies.

The new threat, simply put a botnet, which is a network controlled by a botmaster and composed of devices infected with a specialized malware, called bots or zombies, was first detected in recent days by cybersecurity company Trend Micro. The threat has been named Persirai, and has been compared by many to another major recent threat caused by the IoT, Mirai. Persirai has started infecting wireless cameras of several Chinese companies only in the last month, but according to first estimates it has already reached and exceeded 120 thousand infected cameras.

Cameras are easy targets

According to Trend Micro, the threat exploits the obvious security flaws present on Chinese cameras. The main problem is that in most cases the victim has no idea that their surveillance camera has been infected by a hacker. "IP cameras typically use Universal Plug and Play (UPnP)," Trend Micro experts explain, "these are network protocols that allow devices to open a port on the router and act as a server, all of which, however, makes them easy targets for IoT malware.

How Persirai Acts

Once the hacker gains access of the IP camera, it downloads the malware and in this way also attacks all other cameras by exploiting a zero-day vulnerability. Il metodo migliore per proteggersi è cambiare la password di default presente sulla videocamera. Questo è il consiglio dato da Trend Micro a tutte le persone che hanno una telecamera cinese. Anche se Trend Micro punta il dito contro i produttori cinesi del settore che spesso sottovalutano, così come fanno gran parte dei produttori IoT di tutto il mondo, i pericoli legati alla sicurezza di questi dispositivi.

Le Nazioni colpite

diffusione.persirai.jpgFonte foto: Trend Micro

La mappa con la diffusione della botnet Persirai

TrendMicro ha offerto anche una panoramica sulle nazioni più colpite dalla botnet Persirai. E a grande sorpresa c’è anche l’Italia. Tra le oltre 120.000 telecamere di videosorveglianza, oltre il 3% sarebbero installate nelle abitazioni degli italiani. La Nazione più in pericolo è la Cina, seguita dalla Thailandia e dagli Stati Uniti.