Over 800,000 surveillance cameras exposed: Rising DDoS attack risks in Vietnam

Latest Update: 20/09/2024

Vietnam is currently facing a major cybersecurity threat: over 800,000 surveillance cameras have been discovered leaking data (Ministry of Information and Communications), paving the way for distributed denial-of-service (DDoS) attacks. These devices are predominantly low-cost cameras with poor security, which not only violates privacy but also opens the door for hackers to exploit them, causing significant damage to both businesses and individuals. This article explains the causes and severe consequences, and proposes security solutions to protect businesses from attacks that leverage compromised cameras.

Causes of data leaks from surveillance cameras

The causes of data leaks from surveillance cameras stem from factors such as weak passwords & failure to change them after installation, lack of security patch updates, vulnerabilities from manufacturers & poor access management, and using insecure storage and network connections.

Figure: Causes of data leaks from surveillance cameras

1. Weak & unchanged passwords

According to research, up to 60% of users do not change the default passwords of IoT devices, including surveillance cameras, making it easier for hackers to attack these devices. In Vietnam, many low-cost cameras retain their default passwords after installation, increasing the risk of being compromised (TechRadar). Furthermore, the use of weak passwords like "123456" or "password" remains common, allowing hackers to use brute force methods to gain access (Cyber UK).

2. Missing security patches

Research from the IoT Security Foundation indicates that over 70% of IoT devices are not regularly updated with security patches. This is especially dangerous for low-quality, cheap cameras where security vulnerabilities remain unpatched, providing an opportunity for hackers to take control of the system.

3. Manufacturer vulnerabilities & poor access control

Some camera manufacturers do not conduct rigorous security checks, leading to software vulnerabilities or insecure server systems. In many businesses, access management is poorly implemented, with multiple users sharing the same administrative account without clear permissions, which makes external attacks easier (Cyber UK).

4. Insecure storage & network connections

Many surveillance camera systems store data on cloud services or remote servers without proper encryption measures, leading to data leaks when the system is compromised. Additionally, insecure network connections lacking encryption and network security measures also provide opportunities for hackers to infiltrate systems through the network (TechRadar).

Consequences of camera breaches

When surveillance cameras are breached (data leaks) and taken over, the consequences go beyond privacy violations and financial extortion, potentially leading to larger-scale cyberattacks, particularly DDoS attacks.

1. Privacy violations

Images and videos from surveillance cameras can be sold on platforms like Telegram and Facebook. According to the Ministry of Information and Communications, these data are often traded for hundreds of thousands of VND per camera, especially for cameras installed in sensitive locations like bedrooms or changing rooms. This situation not only severely infringes on users' privacy but also poses greater risks to personal and societal security.

2. Reputational & financial damage

Private videos can be used as blackmail tools, forcing victims to pay to prevent the release of information. Furthermore, stolen images can be used to create deepfakes, causing reputational and financial damage to victims or enabling sophisticated fraud schemes (Cyber UK).

3. Large-scale DDoS attacks

Escalating cyberattacks, especially distributed denial-of-service (DDoS) attacks, are one of the serious consequences when hackers gain control of surveillance cameras. According to the Threat Intelligence report, in 2023, the number of IoT devices involved in DDoS botnets increased from 200,000 to 1 million devices, with surveillance cameras accounting for the highest proportion.

Solutions to mitigate risks from surveillance cameras

Figure: Solutions to mitigate risks from surveillance cameras

1. Change default passwords & implement strong password policies

Users should immediately change the default passwords after installing the camera and create strong passwords that combine uppercase, lowercase letters, numbers, and special characters. This is essential to protect the device from brute force attacks, where hackers try multiple common passwords to gain access. According to reports from TechRadar, over 60% of users still keep the default password, making systems easily exploitable. Implementing two-factor authentication (2FA) will provide an additional layer of security, significantly enhancing the protection of devices against cyberattacks.

2. Install all available security patches promptly

Manufacturers should consistently provide security patches and recommend users update the firmware as soon as it’s available. This not only addresses security vulnerabilities but also strengthens system protection against increasingly sophisticated threats. Users should also proactively schedule regular checks and updates for the camera system to ensure the devices are always in their most secure state.

3. Enhance manufacturer security & implement strict access controls

Manufacturers need to conduct thorough security tests before product launches to eliminate exploitable vulnerabilities. This not only protects users but also enhances the product’s credibility.

For enterprises, access control should be strictly enforced with clear permission levels and restrictions on unnecessary access. These measures are crucial to minimizing the risk of attacks, especially when poor security management and vulnerabilities can allow hackers to infiltrate, causing significant damage to many businesses.

4. Utilize secure storage and network connections

Enterprises and individuals should prioritize using storage services with end-to-end encryption, ensuring that information is protected throughout the storage and transmission process. Implementing security measures such as using a secure network connection through VPN (Virtual Private Network), firewalls, and DDoS protection solutions is essential to safeguard systems from cyberattacks. Additionally, encrypting transmitted data using SSL/TLS protocols will maximize the security of connections between devices and network systems.

In reality, many camera systems are not fully equipped with encryption, leading to data leaks when exploited by hackers, posing significant security risks (TechRadar). Furthermore, businesses that do not have DDoS protection solutions to block malicious traffic from compromised devices, such as cameras, can experience severe impacts on their operations.
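
The four controls above can be checked against a device inventory. The following is an added example, not code from this article or from VNETWORK; the CSV columns, device names, the 180-day firmware window and the 12-character minimum are assumptions.

```python
import csv, io
from datetime import date

# Constructed sample inventory; device names and column names are hypothetical.
INVENTORY_CSV = """\
name,default_password_changed,mfa,firmware_date,admin_users,tls
lobby-cam,no,no,2021-03-01,3,no
dock-cam,yes,yes,2024-08-15,1,yes
lab-cam,yes,no,2024-07-30,1,yes
"""
# "123456" and "password" are the article's examples; the rest are illustrative.
WEAK_PASSWORDS = {"123456", "password", "admin", "12345678"}
MAX_FIRMWARE_AGE_DAYS = 180  # assumed patch window; set to your own policy
MIN_LENGTH = 12              # assumed minimum; the article gives no length

def password_issues(pw):
    """Provisioning-time check: upper, lower, digit and special character."""
    issues = []
    if pw.lower() in WEAK_PASSWORDS:
        issues.append("common password")
    if len(pw) < MIN_LENGTH:
        issues.append("too short")
    classes = (str.isupper, str.islower, str.isdigit, lambda c: not c.isalnum())
    if not all(any(test(c) for c in pw) for test in classes):
        issues.append("missing a character class")
    return issues

def audit(csv_text, today):
    """Return {device name: [findings]} for each inventory row."""
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        findings = []
        if row["default_password_changed"] != "yes":
            findings.append("default password still set")
        if row["mfa"] != "yes":
            findings.append("2FA not enabled")
        age = (today - date.fromisoformat(row["firmware_date"])).days
        if age > MAX_FIRMWARE_AGE_DAYS:
            findings.append(f"firmware {age} days old")
        if int(row["admin_users"]) > 1:
            findings.append("shared admin account")
        if row["tls"] != "yes":
            findings.append("no TLS on stream")
        report[row["name"]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(INVENTORY_CSV, date(2024, 9, 20)).items():
        print(name, "->", "; ".join(findings) or "OK")
```

The inventory holds only a flag for whether the default password was changed, never the password itself; `password_issues` is meant to run when a new password is set.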

DDoS attacks exploiting camera takeovers

In recent years, DDoS attacks through the hijacking of surveillance cameras and IoT devices have rapidly increased in both frequency and scale, causing significant repercussions for businesses worldwide.

  • Brazil Attack (2021): Several financial and online gaming companies in Brazil were hit by DDoS attacks through compromised surveillance cameras and IoT devices. Hackers exploited security vulnerabilities in these devices, resulting in substantial revenue and reputational damage (Cyber UK).
  • GitHub Attack (2018): GitHub faced a 1.35 Tbps DDoS attack, disrupting systems for 10 minutes. Hackers utilized botnets from IoT devices, including surveillance cameras, to launch the attack.
  • Dyn Attack (2016): More than 100,000 IoT cameras were exploited by hackers to create a massive botnet, attacking Dyn's DNS system. The incident disrupted major services such as Amazon, Netflix, and Twitter, affecting millions of users globally.
  • OVH Attack (2016): The Mirai botnet, comprising 145,000 IoT cameras, was used to generate 1 Tbps of traffic, forcing OVH—a French web hosting company—to suspend its services temporarily. This was one of the strongest examples of the power of IoT botnets.

These attacks highlight the critical importance and urgency of securing IoT devices, especially surveillance cameras, to prevent exploitation. They also underscore the necessity for businesses to quickly invest in anti-DDoS solutions, as the attacks using surveillance cameras are escalating in both frequency and severity.

VNIS - Preventing DDoS attacks from exploited surveillance cameras

With over 800,000 surveillance cameras in Vietnam potentially having security vulnerabilities, the risk of being compromised and used for DDoS attacks is increasing. VNIS provides a comprehensive solution that effectively blocks DDoS attacks targeting a company's website, applications, and APIs, regardless of the attack's origin.

VNIS integrates the world's leading CDNs (Multi-CDN) into a single platform, providing a system with flexible scalability and high efficiency. With over 2,300 CDN PoPs (Points of Presence) globally, a total bandwidth exceeding 2,600 Tbps, and domestic uplink reaching up to 10 Tbps, VNIS can support more than 8 million concurrent users (CCU) and handle over 9 billion requests per day. Notably, the system ensures uptime up to 99.99%, thanks to the Multi-CDN deployment mechanism, which minimizes infrastructure downtime risks and guarantees SLA commitments with customers.

VNIS acts as an intermediary layer between users and the customer's origin server. When a request comes from the internet, it is processed through two primary protection layers. Valid requests from real users are forwarded to the origin server to access information. Meanwhile, requests with malicious indicators are analyzed and blocked by VNIS's two protection layers, ensuring that the origin server is securely protected against any attacks.

The VNIS solution integrates AI Load Balancing and Multi-CDN technologies, improving performance and speeding up website access under normal conditions. The AI Load Balancing system, combined with Real User Monitoring (RUM), provides detailed analysis of attack sources and real user interactions with the website. This enables effective traffic orchestration to the website and load balancing across multiple servers with options such as IP hash, round-robin, or failover, enhancing the system's responsiveness and stability.

In the event of a DDoS attack with a large amount of traffic, the AI Load Balancing and CDN layers will distribute traffic to CDN server clusters, minimizing the impact of the attack and maintaining the website's stable operation. Additionally, the VNIS platform, equipped with Multi WAF and multiple Cloud WAF clusters globally, allows VNIS to leverage a dense Cloud infrastructure to quickly isolate threats when website traffic spikes. The WAF network monitoring system (Scrubbing Center) orchestrates the activities of Cloud WAF clusters across different countries, enabling more effective DDoS mitigation.

Hackers often employ various forms of attacks. When layer 3 (network) and layer 4 (transport) attacks prove ineffective, they may shift their focus to layer 7 (application) by exploiting vulnerabilities in the website, plugins, or servers to carry out attacks such as SQL Injection, XSS Injection, bots, crawlers, etc. To counter these threats, VNIS provides a WAF layer to shield vulnerabilities, ensuring that only valid requests reach the origin server.

Figure: VNIS comprehensive security model (VNIS operating model)

In addition to its robust infrastructure and modern technology, VNIS places a strong emphasis on the human factor, with a team of security experts in countries such as Vietnam, Hong Kong, Taiwan, Singapore, and the UK. Our SOC system, in collaboration with experts, offers comprehensive monitoring and continuous alerts 24/7/365, ensuring early incident detection and timely response to maintain stable operations even in the face of attacks. With its superior quality, VNIS has been highly regarded and recommended for global use by reputable organizations such as ISO, Gartner, and the Ministry of Science and Technology of Vietnam.

Figure: Highly regarded by reputable organizations

In an era where cybersecurity threats, particularly DDoS, are becoming increasingly complex and rapidly escalating, equipping businesses with comprehensive security solutions like VNIS is not just an option, but an urgent requirement. Contact VNETWORK now via hotline: +84 (028) 7306 8789 or email: contact@vnetwork.vn to receive consultation and deploy the VNIS solution, ensuring absolute security for your business against all cybersecurity challenges, guaranteeing stable and sustainable operations.
