CyberSecurity SEE

CCTV vulnerability exposes critical infrastructure to Mirai Botnet campaign

Industrial control systems and critical infrastructure operators have been put on high alert due to a concerning campaign exploiting a known zero-day vulnerability in remote monitoring cameras to distribute Mirai cryptominer botnets.

According to researchers at Akamai, the Mirai cryptominer botnet campaign is making use of several previously identified vulnerabilities, with a specific focus on a zero-day command injection vulnerability in AVTECH closed-circuit television (CCTV) cameras known as CVE-2024-7029.

While the affected camera models have been discontinued, they are still widely used across critical infrastructure sectors, posing a significant risk. Unfortunately, there is currently no patch available to address the vulnerability, leaving operators with only one option: remove the compromised devices and install a more secure alternative.

In light of this situation, Akamai researchers have recommended decommissioning the hardware and software if there is no viable way to remediate the threat. This approach can help mitigate security risks and reduce the likelihood of facing regulatory fines.

On August 1, the Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory specifically addressing the AVTECH IP camera zero-day vulnerability in industrial control systems (ICS). The advisory highlighted the widespread use of these devices across critical sectors such as commercial facilities, financial services, healthcare, and public health.

The Akamai researchers also pointed out that the zero-day vulnerability in question had already been known and exploited by cybercriminals to spread malware well before it was officially assigned a CVE. This strategy of leveraging undisclosed vulnerabilities in cyberattacks is becoming increasingly popular among threat actors.

In their report, Akamai’s team emphasized the potential threat posed by vulnerabilities that have not yet been assigned a CVE. They warned that these vulnerabilities could still be exploited by malicious actors to propagate malware and carry out other malicious activities.

As the risk of cyber threats continues to evolve and expand, it is crucial for operators of industrial control systems and critical infrastructure to stay vigilant and take proactive measures to secure their systems. By promptly addressing known vulnerabilities, implementing robust security measures, and staying informed about emerging threats, organizations can better protect themselves against malicious attacks targeting their infrastructure and operations.
