Mirai Botnet Attack Update: Dahua Role Diminished

  • Oct 25, 2016

In August, a Distributed Denial of Service (DDoS) attack occurred due to a massive botnet created by malware named Mirai. This attack was caused by vulnerabilities in a large number of IoT devices, such as security cameras and DVRs using default credentials. Dahua’s products were initially named as the victims of the hacking and the source of these DDOS attacks in reports by research firm Level 3 Communications, the Wall Street Journal, and industry trade publications.

A subsequent report by cybersecurity research firm Flashpoint was issued on October 7 confirming that the Mirai DDoS attacks originated primarily from devices manufactured by another video surveillance vendor, and not Dahua. The Flashpoint report prompted a series of headlines that downgraded our devices involvement in causing the attacks, by Forbes.com, Network Security News, and SecurityWeek.

We acknowledge the vulnerabilities that some of our pre-2015 cameras and DVRs have used default usernames and passwords. This may have caused exposure to risks when the devices are exposed to the Internet without firewall protection. Dahua has taken steps to resolve this vulnerability and offer solutions.  Keeping our customers informed of any threats or potential risks is a priority.

To address any potential issues, we have firmware updates available on the Dahua Wiki (http://dahuawiki.com/Firmware/Locate_Device_Firmware), and a dedicated channel for customers to ask questions about cybersecurity or report suspected vulnerabilities (cybersecurity@global.dahuatech.com).

We continue to remind our customers that it is crucial to select strong passwords, keep firmware updated, and only forward ports their devices actually need. We strongly recommend that our customers and partners review our list of cybersecurity best practices on our website at http://www.dahuasecurity.com/en/us/best-practices.php.

Specific to this issue, we are offering replacement discounts as a gesture of goodwill to customers who wish to replace pre-January 2015 models. End users can bring such products to an authorized Dahua dealer, where a technical evaluation will be performed to determine eligibility.

Above all, securing our customers' assets and protecting their Dahua products is of the utmost importance to us. We continue our commitment to work with our customers and partners to make our products and solutions as secure as possible.

Featured

  • Maximizing Your Security Budget This Year

    Perimeter Security Standards for Multi-Site Businesses

    When you run or own a business that has multiple locations, it is important to set clear perimeter security standards. By doing this, it allows you to assess and mitigate any potential threats or risks at each site or location efficiently and effectively. Read Now

  • New Research Shows a Continuing Increase in Ransomware Victims

    GuidePoint Security recently announced the release of GuidePoint Research and Intelligence Team’s (GRIT) Q1 2024 Ransomware Report. In addition to revealing a nearly 20% year-over-year increase in the number of ransomware victims, the GRIT Q1 2024 Ransomware Report observes major shifts in the behavioral patterns of ransomware groups following law enforcement activity – including the continued targeting of previously “off-limits” organizations and industries, such as emergency hospitals. Read Now

  • OpenAI's GPT-4 Is Capable of Autonomously Exploiting Zero-Day Vulnerabilities

    According to a new study from four computer scientists at the University of Illinois Urbana-Champaign, OpenAI’s paid chatbot, GPT-4, is capable of autonomously exploiting zero-day vulnerabilities without any human assistance. Read Now

  • Getting in Someone’s Face

    There was a time, not so long ago, when the tradeshow industry must have thought COVID-19 might wipe out face-to-face meetings. It sure seemed that way about three years ago. Read Now

    • Industry Events
    • ISC West
Most   Popular

Featured Cybersecurity

Webinars

New Products

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge. 3

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis. 3

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings. 3