Threat actors will, truth be told, target anything and everything if it offers an opportunity to infiltrate a network or gain access to data. Perhaps the most dangerous of all are what the U.S. Cybersecurity Infrastructure and Security Agency has previously referred to as unsophisticated hackers that exploit exposed assets, including those that have not been patched for known vulnerabilities. Such is the case with this latest warning from “America’s Cyber Defense Agency” which involves active and ongoing security camera attacks. Here’s what you need to know and do.
Camera Hack Attacks Confirmed — What You Need To Know
Not all hack attacks involve retail ransomware threats, or password theft from popular web browsers, or even Microsoft Windows, despite the number of headlines you read. Some are more niche than that. Some target the Internet of Things, with routers being an oft-reported example. Some, as CISA has now confirmed, target security cameras.
The August 5 CISA security alert has warned that it has “evidence of active exploitation” concerning a number of security cameras from D-Link. The vulnerabilities concerned, three in total and impacting five devices, have now been added to the CISA Known Vulnerabilities Catalog.
The vulnerabilities are:
- CVE-2020-25078 — An unspecified vulnerability type impacting D-Link DCS-2530L and DCS-2670L devices.
- CVE-2020-25079 — A command injection vulnerability impacting D-Link DCS-2530L and DCS-2670L devices.
- CVE-2022-40799 — A download of code without integrity check vulnerability impacting the D-Link DNR-322L device.
What’s intriguing, and worrying in equal measure, is that all of these vulnerabilities are not new. In fact, they are positively ancient in cybersecurity terms, dating from 2020 through 2022, and all have had firmware patches to resolve the issues.
These unpatched vulnerabilities are now under active attack, CISA warned, and “pose significant risks to the federal enterprise.” Which is why those agencies have just 21 days to get their patch management plans in order. Everyone else, however, needs to ensure that they have done the same. You can check the precise camera device firmware update requirements by following the links in the CISA alert, and users are advised to find out more by staying up to date with D-Link security bulletins.
