Critical Infrastructure at Risk: Mirai Botnet Exploits CCTV Zero-Day Vulnerability

August 28, 2024

A zero-day vulnerability in AVTECH IP cameras is being exploited as part of a Mirai botnet campaign, putting industrial control systems and critical infrastructure at risk. The campaign is leveraging a known remote code execution (RCE) vulnerability to spread Mirai cryptominer botnets.

Akamai researchers identified the campaign, highlighting its focus on a zero-day command injection vulnerability in AVTECH CCTV cameras, which is tracked under CVE-2024-7029. The affected camera models, although discontinued, are still widely used across critical infrastructure.

Unfortunately, there is no available patch for this vulnerability. Operators are being urged to remove the affected devices and replace them with more secure alternatives. Akamai researchers advised, "If there is no way to remediate a threat, decommissioning the hardware and software is the recommended way to mitigate security risks and lower the risk of regulatory fines."

In August, CISA issued an advisory on the AVTECH IP camera zero-day, emphasizing the use of these devices across critical sectors such as commercial facilities, financial services, healthcare, and public health.

The Akamai team noted that this zero-day vulnerability was already being exploited in cyber attacks to spread malware, even before it was officially assigned a CVE. They pointed out that this approach is becoming increasingly common among threat groups. The team stated in their report, "A vulnerability without a formal CVE assignment may still pose a threat to your organization — in fact, it could be a significant threat." They added that malicious actors operating these botnets have been exploiting new or lesser-known vulnerabilities to spread malware.
