One such attack, recently observed by researchers from Web security firm Sucuri, targeted the website of one of the company s customers: a small bricks-and-mortar jewelry shop.
Around half of the devices displayed a generic H.264 DVR logo on the page, while others had more specific branding such as ProvisionISR, QSee, QuesTek, TechnoMate, LCT CCTV, Capture CCTV, Elvox, Novus, and MagTec CCTV.
The botnet seems to have a global distribution, but the countries with the largest number of compromised devices are Taiwan 24 percent , the U.S. 16 percent , Indonesia 9 percent , Mexico 8 percent , Malaysia 6 percent , Israel 5 percent , and Italy 5 percent .
Back in March, a security researcher found a remote code execution vulnerability in DVRs from more than 70 vendors.
Back in October, security vendor Imperva reported seeing DDoS attacks launched from a botnet of 900 CCTV cameras running embedded versions of Linux and the BusyBox toolkit.
If remote management or monitoring is needed, users should consider a deploying a VPN virtual private network solution that allows them to connect inside the local network first and then to access their DVR.