Trend Micro blocked five million IoT camera hack attempts

fenderman


"Many cameras – especially cheap imported devices – often don’t prompt users to change default passwords, meaning they can be compromised with very little expertise. Some websites even provide a directory of vulnerable cameras that can be streamed.

Trend Micro teamed up with IP security solution provider VIVOTEK in a bid to secure IoT cameras. Data from 7,000 IP cameras were analysed by Trend Micro to find the scale of the threat against them, and how few protections they have."

"Trend Micro’s analysis found 75 percent of blocked attacks were brute force login attempts. The cybersecurity giant says it shows ‘a clear pattern’ that devices are being targeted with common malware, such as Mirai."
 

IAmATeaf

The real issue is that anybody not remotely IT interested/savvy just leaves things as default.

My wife and sister are classic examples of this as according to them it’s easier to remember the username/password as it’s written in the user manual.
 

mikeynags

I'd still like to know more detail on just how Trend blocked 5 million hack attempts. It sounds like Vivotek is utilizing some kind of firmware-based IPS or brute force detection. Is that a lock the account after X number of bad password attempts? :) Anyone running Vivotek cameras out there?
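
Added example (not part of the thread, and not Vivotek's or Trend Micro's code): the "lock after X bad password attempts" idea raised in the post above, written as a per-source sliding-window detector and run over constructed log lines. The log format, thresholds and addresses are assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format (constructed for this example, not a vendor format):
#   <ISO timestamp> login <ok|fail> user=<name> src=<ip>
LINE_RE = re.compile(r"^(\S+) login (ok|fail) user=(\S+) src=(\S+)$")
MAX_FAILS = 5                     # the "X" in "lock after X bad attempts"
WINDOW = timedelta(seconds=60)    # failures are counted inside this window
LOCKOUT = timedelta(minutes=10)   # how long a source stays blocked

def analyse(lines):
    """Return (blocked_attempts, {src: time the lockout was triggered})."""
    fails = defaultdict(deque)    # src -> timestamps of recent failures
    locked_until, lockouts, blocked = {}, {}, 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # not a login event
        ts, result, src = datetime.fromisoformat(m.group(1)), m.group(2), m.group(4)
        if src in locked_until and ts < locked_until[src]:
            blocked += 1          # rejected without checking the password
            continue
        if result == "ok":
            fails[src].clear()    # a good login resets the counter
            continue
        q = fails[src]
        q.append(ts)
        while ts - q[0] > WINDOW:
            q.popleft()           # forget failures older than the window
        if len(q) >= MAX_FAILS:
            locked_until[src] = ts + LOCKOUT
            lockouts.setdefault(src, ts)
            q.clear()
    return blocked, lockouts

def sample_log():
    """Constructed events: one guessing source, one owner who mistypes twice."""
    t0 = datetime(2019, 1, 1, 12, 0, 0)
    def ev(sec, res, src):
        return f"{(t0 + timedelta(seconds=sec)).isoformat()} login {res} user=admin src={src}"
    log = [ev(2 * i, "fail", "203.0.113.7") for i in range(20)]   # TEST-NET-3 address
    log += [ev(5, "fail", "192.168.1.20"), ev(15, "fail", "192.168.1.20"),
            ev(25, "ok", "192.168.1.20")]
    return log

if __name__ == "__main__":
    blocked, lockouts = analyse(sample_log())
    print(f"blocked attempts: {blocked}")
    for src, when in lockouts.items():
        print(f"locked out {src} at {when.isoformat()}")
```

Counting per source alone misses guesses spread across many addresses, so a deployment would usually also count failures per account.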
 

TL1096r

Could it be due to the Trend Micro installed in the ASUS router that is blocking these attempts? I have not activated mine because it logs everything and is cloud based. I do not trust it.

Does anyone have it activated on their ASUS router?
 

looney2ns

Me
 

TL1096r

Your isp already has that info.
Yes. I read the disclaimer on my ISP saying they do keep it all, but then it becomes TM is another source/company that has your info and then stores it on the cloud? It seems on IPCT you'd want to cut down on that.

What do you think about Trend Micro on ASUS?
 

fenderman

They cannot see your encrypted data. Don't overthink it. You are better off having their service vs an attack on your system. Most modern antivirus, likely the one you are using right now, sends some data to the cloud for analysis.
 

TL1096r

Ok, makes sense. You know how it is always something with attacks and logs. Like Amazon listening and storing all your recordings.
 

thendawg

There are options for running your own IPS/IDS for free, on your local network, with no "cloud" stuff. I personally use Snort on pfSense, but a lot of people recommend Suricata (also available on pfSense or many other platforms), and to be honest, it does look a bit more powerful (not to mention pretty) - but at this point I have Telegraf scraping my Snort logs to output to my network dashboard, sooo it's going to take some real motivation for me to change this.

I get it though, most people want something that "just works", but if you're willing to take your time to configure threat lists, review your traffic and enable/disable rules as required, it makes it possible to completely manage your own IPS/IDS. It's up to you if you want to take the easy way or truly control your own data.

Personally I also recommend Pi-hole and setting up DNS over TLS. Pi-hole uses block lists to block known tracking, malicious, and ad providers at the DNS level, and DNS over TLS encrypts all of your DNS queries to prevent ISP injections or logging activity (at this point, if you're using only HTTPS like a good boy, all your ISP can see is the IP addresses you communicate with). Then of course you can still add a VPN if you like for more security :) Personally, a VPN brings more headaches than good for daily use, so I have an isolated VPN-connected subnet for use if needed :)
 

mikeynags

I 2nd the Pi-hole recommendation. It's very easy to set up and very effective.
 

TL1096r

What are you using pfSense on?

I don't get using a VPN to block ISP from viewing your activity. Doesn't it just keep things slower? Then what is the point of your ISP's fast speeds?
 

thendawg

I'm running pfSense on an older SFF Optiplex (2nd gen i5) with 4GB RAM and a quad port NIC - think I have like $75 in it lol. As for a VPN, that depends on the VPN performance wise, there are some with 500mbit+ packages if you're willing to pay. A VPN is also useful to obfuscate your identity to end providers as well (if that's something you desire), not just your ISP; essentially you're creating an "anonymous" endpoint where traffic between you and that endpoint is encrypted (if you're using HTTPS, it's also encrypted from the VPN proxy to host as well). Said endpoint has many incoming IP connections and many outgoing, thereby obfuscating your identity from everyone except the VPN owner (make sure you use a good one, not a free one that steals your data). Now granted, depending on the data you transmit it can still potentially be tracked. Can always go super paranoid and go Tails + TOR for that super risky browsing lol. Like I mentioned, I don't use a VPN for 95% of my traffic, but they certainly have their uses!
 