Researchers at a security firm have uncovered a network of thousands of compromised CCTV cameras and webcams controlled by hackers to carry out comprehensive cyberattacks targeting government and online banking websites. Notorious hacking collective Lizard Squad, infamous for bringing down the PlayStation and Xbox Live gaming networks, has assembled a comprehensive botnet of CCTV cameras and webcams. The network of cameras was discovered by researchers at Arbor Networks, a cybersecurity firm.
The botnet, dubbed LizardStresser, was originally written by the DDoS group before its source code was released publicly in 2015. Since then, other DDoS actors have used the code to build their own botnets. Written in C, the botnet is programmed to run on Linux. The code runs on compromised Linux machines, which connect to a command-and-control (C2) server. The protocol is a knock-off version of IRC chat: infected machines connect to the C2 server and receive malicious commands from it.
Notably, the group behind LizardStresser has targeted Internet of Things (IoT) devices by simply using default passwords that are commonly shared among the device family. Matthew Bing, security researcher at Arbor, wrote the following on the company blog:
"Utilizing the cumulative bandwidth available to these IOT devices, one group of threat actors has been able to launch attacks as large as 400Gbps targeting gaming sites world-wide, Brazilian financial institutions, ISPs, and government institutions."
Two LizardStresser C2 servers have been identified as being operated by the same group of attackers. While they communicate with each other in English, the targets are predominantly installations in Brazil, as well as gaming websites in the United States. The targets include two each of banks, telecoms and government agencies in Brazil. Furthermore, three large U.S.-based gaming companies were also targeted. What’s perhaps most alarming is that attackers now have the blueprint to amass entire botnets of IoT devices. All they evidently need is the default passwords of IoT devices to command DDoS attacks upwards of 400 Gbps, a staggering feat achieved by simply researching and finding the default passwords of the CCTV cameras and webcams.