Threat actors are exploiting security flaws in end-of-life GeoVision IoT devices, repurposing them into a Mirai botnet for DDoS assaults. Discovered by Akamai's Security Intelligence team, these attacks utilize two critical command injection vulnerabilities to execute arbitrary commands. As many older devices lack ongoing support or firmware updates, the recommendation for users is clear: upgrade to modern models to mitigate security risks. This highlights the ongoing issue of cybersecurity in outdated technology, particularly those that manufacturers no longer maintain.
"The exploit targets the /DateSetting.cgi endpoint in GeoVision IoT devices, and injects commands into the szSrvIpAddr parameter," Akamai researcher Kyle Lefton said in a report shared with The Hacker News.
"One of the most effective ways for cybercriminals to start assembling a botnet is to target poorly secured and outdated firmware on older devices," Lefton said.
"There are many hardware manufacturers who do not issue patches for retired devices (in some cases, the manufacturer itself may be defunct)."
Users of affected GeoVision devices are advised to upgrade to newer models to safeguard against potential threats as security updates are unlikely to be provided.
Collection
[
|
...
]