Rising Threat of Malware and DDoS Attacks on Government Organizations

By Douglas McKee, Executive Director, Threat Research at SonicWall [ Join Cybersecurity Insiders ]
1035
Data Breaches

In July 2024, the FBI and CISA issued warnings about increasing Distributed Denial of Service (DDoS) attacks on election infrastructure and related systems. Throughout 2024, SonicWall has tracked a notable rise in DDoS attacks, with a projected 32% increase by year’s end compared to 2023. These attacks, which could be aimed at disrupting public access to crucial election information, are increasingly targeting not only election systems but also broader government agencies. Data from 2024 shows consistent growth in these attacks, with major spikes recorded in May and August, confirming the severity of federal concerns.

Cybersecurity Risks in Everyday Devices: The Hezbollah Pager Attack

The 2024 Hezbollah pager supply chain attack underscores the threat posed by everyday devices with weak security. Attackers have begun targeting these devices to access critical systems, exploiting gaps in cybersecurity and using them as backdoors to initiate widespread attacks. Such methods could easily extend to IP cameras at polling locations like schools and churches, which often have weaker security measures. Attackers might compromise these cameras, potentially accessing sensitive information or even disrupting voting processes.

Potential Impacts on Election Security and Public Trust

If attackers were to sabotage IP cameras at polling places—similar to the tactics in the Hezbollah pager attack—the impact could be devastating. Beyond compromising physical security, such an attack could force evacuations, delay voting, and damage infrastructure. The psychological impact of such incidents could significantly erode public confidence in election integrity, possibly leading to delays, contested results, and heightened social unrest. While many cyber criminals are financially motivated, state-sponsored actors are often driven by disruption and psychological warfare, making these attacks particularly insidious.

Emerging Vulnerabilities in IoT Devices and IP Cameras

IoT devices, like IP cameras, are becoming prime targets for cyberattacks due to their weak security protections. SonicWall has observed over 12.9 million attempts to exploit IP camera vulnerabilities in 2024 alone. Compromised devices can be hijacked to disable surveillance or participate in large-scale DDoS attacks. Hackers, including state-sponsored entities, might target IP cameras in government facilities or election centers to conduct surveillance, manipulate camera feeds, or even disable security systems, posing a significant threat during sensitive operations.

Critical Vulnerabilities in Major IP Camera Brands

IP cameras from brands like Hikvision, Axis, and WIFICAM have known vulnerabilities that hackers exploit to infiltrate networks:

  • Hikvision Command Injection (CVE-2021-36260) allows attackers to inject commands, gaining full control of a device and making it susceptible to espionage and botnet recruitment.
  • Authentication Bypass (CVE-2017-7921) on Hikvision cameras enables attackers to bypass login mechanisms, compromising administrative functions and potentially disrupting surveillance.
  • Wireless IP Camera Weaknesses in P2P-enabled devices with weak authentication are also highly vulnerable, allowing attackers to access video feeds, alter settings, or launch attacks on connected networks.

During election cycles, compromised IP cameras could disrupt security at voting stations or ballot storage facilities, enabling attackers to tamper with feeds or disable cameras. The involvement of threats like the Reaper IoT botnet, which actively seeks out vulnerable devices, amplifies these risks by making coordinated DDoS attacks more feasible.

Mitigation Strategies for IP Camera Security

To safeguard IP cameras and related IoT devices, organizations should consider the following best practices:

  • Regular Firmware Updates: Keep devices updated to protect against recent threats.
  • Network Segmentation: Isolate IP cameras on separate networks to prevent them from being gateways to broader attacks.
  • Zero Trust Network Access (ZTNA): Enforce strict identity and access checks, even on isolated networks, to prevent unauthorized access.
  • Strong Authentication: Use complex, unique passwords and disable default credentials.
  • Monitor Logs and Traffic: Regularly monitor for unusual activities, especially on critical networks.
  • Disable Unnecessary Features: Restrict or disable remote access, particularly P2P functionality, to minimize potential entry points.

These strategies can help organizations better protect IP cameras and other IoT devices, preserving the security of government and election infrastructure against evolving cyber threats.

Ad

No posts to display