CCTV Zero-Day Exposes Critical Infrastructure to Mirai Botnet

CISA warned about the RCE zero-day vulnerability in AVTECH IP cameras in early August, and now vulnerable systems are being used to spread malware.

CCTV control room
Source: David Warren via Alamy Stock Photo

Industrial control systems and critical infrastructure operators are being warned about a campaign leveraging a known zero-day vulnerability in remote monitoring cameras to spread Mirai cryptominer botnets.

Researchers at Akamai found the Mirai cryptominer botnet campaign was exploiting a variety of previously disclosed vulnerabilities, but was notably focused on a zero-day command injection vulnerability in AVTECH closed-circuit television (CCTV) cameras tracked under CVE-2024-7029.

Affected camera models have been discontinued but are still in wide use across critical infrastructure, Akamai's researchers noted. There is no patch available and operators are being advised to rip out the affected devices and replace them with a more secure alternative.

"If there is no way to remediate a threat, decommissioning the hardware and software is the recommended way to mitigate security risks and lower the risk of regulatory fines," Akamai researchers advised.

On Aug. 1, the Cybersecurity and Infrastructure Security Agency (CISA) published an industrial control systems (ICS) advisory on the AVTECH IP camera zero-day, specifically citing the devices' use across critical infrastructure sectors, including commercial facilities, financial services, healthcare, and public health.

The Akamai researchers explained the zero-day vulnerability was already known and being used in cyberattacks to spread malware, long before it was formally assigned a CVE. This tack is increasingly popular among threat groups, the researchers said.

"A vulnerability without a formal CVE assignment may still pose a threat to your organization — in fact, it could be a significant threat," Akamai's team said in its report. "Malicious actors who operate these botnets have been using new or under-the-radar vulnerabilities to proliferate malware."

About the Author

Becky Bracken, Senior Editor, Dark Reading

Dark Reading

Becky Bracken is a veteran multimedia journalist covering cybersecurity for Dark Reading.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights