Compromised DVRs Flood the Internet – Unsecured Video Recorders Discovered in the Wild
What Happened — Researchers at SANS Internet Storm Center reported a surge of compromised digital video recorders (DVRs) being scanned and abused across multiple IP ranges. The devices, often deployed by third‑party vendors for surveillance, were found running unauthorized services and participating in botnet activity.
Why It Matters for TPRM —
- Insecure IoT hardware can become a foothold for attackers to pivot into corporate networks.
- Third‑party surveillance equipment may expose sensitive video feeds or serve as a launchpad for lateral movement.
- Lack of firmware patching and default credentials are common weaknesses that vendors must verify.
Who Is Affected — Retail, hospitality, manufacturing, and any organization that outsources video surveillance to third‑party providers.
Recommended Actions — Conduct an inventory of all deployed DVRs, verify firmware is up‑to‑date, enforce strong, unique credentials, and require vendors to provide a secure update mechanism.
Technical Notes — The attack vector appears to be default or weak credentials combined with exposed web interfaces; no specific CVE was cited. Compromised devices were observed performing port scans and generating DDoS traffic, indicating botnet enrollment. Source: SANS ISC Guest Diary
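Detection example (added here, not taken from the SANS ISC diary): one way to spot the port-scanning behaviour described in the Technical Notes is to look for inventoried DVRs that fan out to many distinct hosts on a single port within a short window. The CSV column names, the sample addresses, and the window and threshold values are assumptions chosen for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed inventory of vendor-managed DVR addresses (sample values).
DVR_INVENTORY = {"10.20.0.11", "10.20.0.12"}

# Constructed flow export: epoch seconds, source, destination, destination port.
SAMPLE_FLOWS = "ts,src,dst,dport\n" + "".join(
    f"{1700000000 + i},10.20.0.11,198.51.100.{i + 1},23\n" for i in range(40)
) + (
    "1700000005,10.20.0.12,10.20.0.5,554\n"    # DVR talking to one recorder: normal
    "1700000009,10.20.0.12,10.20.0.5,554\n"
    "1700000010,10.20.0.99,203.0.113.7,443\n"  # not in the DVR inventory, ignored
)

def flag_scanning_dvrs(flow_csv, dvr_ips, window=60, min_targets=25):
    """Return {dvr_ip: [(window_start, dport, distinct_dst_count), ...]} for
    DVRs that contacted at least min_targets distinct hosts on one port
    inside a single window, the fan-out pattern of a horizontal port scan."""
    targets = defaultdict(set)  # (src, window_start, dport) -> {dst, ...}
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["src"] not in dvr_ips:
            continue  # only devices from the DVR inventory are in scope
        bucket = int(row["ts"]) // window * window
        targets[(row["src"], bucket, int(row["dport"]))].add(row["dst"])
    findings = defaultdict(list)
    for (src, bucket, dport), dsts in sorted(targets.items()):
        if len(dsts) >= min_targets:
            findings[src].append((bucket, dport, len(dsts)))
    return dict(findings)

if __name__ == "__main__":
    for ip, hits in flag_scanning_dvrs(SAMPLE_FLOWS, DVR_INVENTORY).items():
        for bucket, dport, count in hits:
            print(f"{ip}: {count} distinct hosts on port {dport} in window {bucket}")
```

A DVR normally talks to a handful of fixed peers, so the threshold can be set low; tune it against a baseline of the site's own flow data.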