A big cyberattack on Friday impacted Internet service on the East Coast of the United States and kept several high-profile websites offline. Cyberattacks later in the day were more global in nature. But Oct. 21, 2016, will also be remembered as the day our physical security industry’s legacy of apathy toward cybersecurity came back to haunt us.

Denial Of Service Attack

The cyberattack last week was carried out by a botnet, a network of bots, which are software applications (in this case, computer viruses) that communicate with each other and run tasks automatically over the Internet. Bots can infiltrate unprotected computers and then use the computing power of their “hosts” to carry out various kinds of cyberattacks on other Internet targets. In the case of Friday’s attacks, a hidden army of bots worked together to bombard various websites with so many bogus requests that the sites became overwhelmed by the volume of traffic and could not respond to legitimate requests. It’s called a distributed denial of service (DDoS) attack.

Because of Friday’s attack, prominent websites such as Twitter, Spotify, and Reddit were inaccessible during periods of time throughout the day.

The problem for our marketplace – and the reason Friday’s attacks will forever highlight our historic apathy toward cybersecurity – is that many of the attacking bots in the scenario above were hosted by IP-enabled cameras and digital video recorders (DVRs). In other words, the bots used the computing power of our industry’s products to launch Friday’s headline-grabbing cyberattack.

Easy Infiltration

Bots can infiltrate a computer or other device without any overt signs of trouble. A DVR, for example, can continue to operate as expected. The owner or operators of the equipment might not even know they have been infected. Because the equipment is still operating, no alarms are raised. The impact is only felt when those hidden bots are called to action (through their connecting network) to launch a cyberattack.

To be fair, cameras and DVRs were not the only devices hosting bots that were involved in Friday’s attack. Home networking gear, routers, phones and other connected (and hackable) devices were also involved. (Cybersecurity is an important consideration in the Internet of Things.)

Mirai Malware Program

Every device hosting a bot in Friday’s attack was infiltrated by a malware program called Mirai. Reportedly only 10 percent of existing Mirai-compromised hosts were involved in Friday’s event. It’s scary to consider how much damage can be done by a mere fraction of the bots out there waiting for their orders to attack. Increasingly, botnets are commodity resources that can be “rented out” by cyber criminals as tools for nefarious purposes.

How did the Mirai bots infiltrate their hosts? One factor was known default or weak credentials. In other words, host devices used their default login information and passwords. Failing to change the login and password when installing an IP camera or DVR was not uncommon in the days before physical security professionals began to wake up to the possible threats of cybersecurity. (It probably still happens today!)

We in the physical security market have only been talking about cybersecurity for a year or two, and equipment before that time was often installed without even a cursory consideration of cybersecurity.

Another aspect is that the virus infiltrated through telnet connections. Among today’s best practices is to turn telnet access “off.” But years of less-than-optimal installations are still out in the world, still subject to botnet infiltration, still part of the problem that was so dramatically demonstrated last week.
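One way to find the legacy installations described above is to check your own camera and DVR inventory for devices that still accept telnet connections. The following is an added example, not part of the original article; the inventory entries are constructed, and port 2323 is included on the assumption that some embedded devices expose telnet there as well as on 23.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

# 23 is the standard telnet port; 2323 is an alternate seen on embedded devices.
TELNET_PORTS = (23, 2323)


def port_open(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port is accepted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable
        return False


def audit_device(device, ports=TELNET_PORTS, timeout=2.0):
    """Return the device record plus the telnet ports that answered."""
    open_ports = [p for p in ports if port_open(device["address"], p, timeout)]
    return {**device, "telnet_ports": open_ports}


def audit_inventory(inventory, ports=TELNET_PORTS, timeout=2.0, workers=16):
    """Check all devices concurrently; return only those with telnet reachable."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda d: audit_device(d, ports, timeout), inventory))
    return [r for r in results if r["telnet_ports"]]


# Constructed inventory (documentation addresses); replace with your asset list.
SAMPLE_INVENTORY = [
    {"name": "lobby-cam-01", "address": "192.0.2.10"},
    {"name": "dock-dvr-01", "address": "192.0.2.20"},
]

if __name__ == "__main__":
    for f in audit_inventory(SAMPLE_INVENTORY):
        print(f'{f["name"]} ({f["address"]}): telnet reachable on {f["telnet_ports"]}')
```

Any device this reports should have telnet turned off and its login credentials changed from the factory defaults.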

Ignorance Towards Cybersecurity

And how much effort are we making today to diagnose any possible malware infestation of existing cameras and DVRs in the field? The tendency is to ignore the possibility of malware as long as the equipment keeps chugging along. How much is our continuing complacency a factor in last week’s attack? Or next week’s? Or an even larger and more devastating attack in the future?
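Because an infected camera or DVR keeps recording normally, the network is often the only place the infection shows. The sketch below is an added example, not part of the original article: it flags inventoried devices that open outbound telnet connections to many distinct addresses, on the assumption that infected devices spread by probing other hosts over telnet, as Mirai bots do. The flow-record format, addresses and threshold are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

TELNET_PORTS = {23, 2323}  # 23 is standard telnet; 2323 is an alternate port

# Constructed inventory of camera/DVR addresses (assumption: you maintain one).
CAMERA_HOSTS = {"10.20.0.15", "10.20.0.16"}

# Constructed flow records: timestamp, source, destination, destination port.
SAMPLE_FLOWS = """\
2016-10-21T11:10:01Z,10.20.0.15,198.51.100.7,23
2016-10-21T11:10:01Z,10.20.0.15,198.51.100.9,2323
2016-10-21T11:10:02Z,10.20.0.15,203.0.113.40,23
2016-10-21T11:10:02Z,10.20.0.15,203.0.113.41,23
2016-10-21T11:10:03Z,10.20.0.15,203.0.113.88,23
2016-10-21T11:10:03Z,10.20.0.15,198.51.100.7,23
2016-10-21T11:10:04Z,10.20.0.16,10.20.0.2,554
2016-10-21T11:10:05Z,10.20.0.16,10.20.0.2,23
2016-10-21T11:10:06Z,10.20.0.50,203.0.113.5,23
truncated-line
"""


def suspected_scanners(flow_csv, camera_hosts, min_targets=5):
    """Map each camera/DVR to its count of distinct outbound telnet targets,
    keeping only devices at or above min_targets."""
    targets = defaultdict(set)
    for row in csv.reader(io.StringIO(flow_csv)):
        if len(row) != 4 or not row[3].isdigit():
            continue  # skip malformed records instead of aborting the run
        _, src, dst, dport = row
        if src in camera_hosts and int(dport) in TELNET_PORTS:
            targets[src].add(dst)
    return {s: len(d) for s, d in targets.items() if len(d) >= min_targets}


if __name__ == "__main__":
    for host, count in suspected_scanners(SAMPLE_FLOWS, CAMERA_HOSTS).items():
        print(f"{host}: outbound telnet to {count} distinct hosts, isolate and inspect")
```

A camera that only streams to its recorder has no reason to open telnet sessions to other hosts, so even a low threshold produces few false positives on a dedicated video network.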

So far, much of the discussion of the impact of cybersecurity on our market has been theoretical. (Although there have been other actual events to consider.) Friday’s cyberattack will no doubt raise the urgency of these concerns, and (hopefully) accelerate our pace of addressing the issues. They demand our attention.


Author profile

Larry Anderson Editor, SourceSecurity.com

An experienced journalist and long-time presence in the US security industry, Larry is SecurityInformed.com's eyes and ears in the fast-changing security marketplace, attending industry and corporate events, interviewing security leaders and contributing original editorial content to the site. He leads SecurityInformed's team of dedicated editorial and content professionals, guiding the "editorial roadmap" to ensure the site provides the most relevant content for security professionals.
