Moobot botnet spreading via Hikvision camera vulnerability

[mlapaglia]

anyone seen this?
"A Mirai-based botnet called 'Moobot' is spreading aggressively via exploiting a critical command injection flaw in the webserver of many Hikvision products. "

Moobot botnet spreading via Hikvision camera vulnerability

A Mirai-based botnet called 'Moobot' is spreading aggressively via exploiting a critical command injection flaw in the webserver of many Hikvision products.

www.bleepingcomputer.com

 

[alastairstevenson]

Yes, I was just reading about it.
It seems the Hikvision CVE-2021-36260 is attracting some malicious downloads.

Mirai-based Botnet - Moobot Targets Hikvision Vulnerability | FortiGuard Labs

FortiGuard Labs analyzes how an attacker can leverage CVE-2021-36260 to create targets for Moobot which is a DDoS botnet based on Mirai. In this blog we explain how an attacker delivers this payloa…

www.fortinet.com

 

[mlapaglia]

is there any easy way to check if a hikvision camera has access to the internet? i've got them on a separate vlan with no access, but it'd be nice to double check

 

[SpacemanSpiff]

Review your router logs

Or configure your laptop to an IP in same range of the cams, plug into the same switch/vlan as the cams and try to access Internet

 

[Mike_Larry]

Hi guys, I’ve recently purchased some Hilook/Hikvision products. Was having issues with my previous Wifi camera setup in our estate with people jamming the cameras. Having issues with my new hikvision products which has led me to believe my devices are being hacked.

Are there any tools out there which i can use to test my devices for the vulnerability. Even better still, if i was to provide the ip addresses is there anyone who can test the devices for me as im very new to this whole networking stuff. Am willing to pay for the service.

If no one is available to do this maybe they know someone who can. Would be grateful if they could pass on the contact details.

Appreciate the help. Thanks

 

[SpacemanSpiff]

Wifi can be jammed over the air, without having direct access to any of the devices. Are you sure the jamming was not simply a congested area? Meaning, a higher density of human population, leading to a lot of wifi routers all vying for channels and airtime?

You could employ the use of online vulnerability scanning tools, however it is only going to confirm what you already set-up... ports are open on your network putting any devices at risk. As for scanning the specific devices, identify the current firmware, and research the vulnerabilities of the version.

Do not allow your cameras direct access to the Internet. If the cams can't get out, then people hackers will not be able to get to the cameras.

How to Secure Your Network (Don't Get Hacked!)

Many camera networks are unsecure, even those installed by professionals. This guide gives basic instruction in how to secure a camera network from the most common types of attacks. Perhaps the most important rule of securing a computer network is to not forward ports to unsecure services...

ipcamtalk.com

VPN Primer for Noobs

The internet is a force of nature; no video surveillance system made was designed to be exposed to those forces.. NEVER FORWARD PORTS to your NVR or Cameras, doing such things not only exposes you to severe security problems, but everyone else on the internet too.. Hackers dont want your video...

ipcamtalk.com

 

[Gargoile]

Do not allow your cameras direct access to the Internet. If the cams can't get out, then @GoTimothy will not be able to get to the cameras.

Fixed your statement.