Security News > 2020 > March > Zero-Day Vulnerabilities in LILIN DVRs Exploited by Several Botnets
Cybercrime groups have been exploiting vulnerabilities in digital video recorders made by Taiwan-based surveillance solutions provider LILIN to increase the size of their botnets.
The vendor released firmware updates that should patch the exploited flaws on February 14, but the vulnerabilities had a zero-day status until this date.
The command injection vulnerabilities affect three parameters: NTPUpdate, FTP and NTP. Qihoo 360 spotted the Chalubo malware exploiting the NTPUpdate vulnerability in August 2019, then it saw the FBot malware exploiting the FTP and NTP flaws on January 11, and finally it noticed Moobot attacks through the FTP vulnerability on January 26.
These pieces of malware, all of which are based on the notorious Mirai and allow cybercriminals to launch distributed denial-of-service attacks, exploited the LILIN zero-day vulnerabilities to spread. In some cases, exploitation involves both the use of hardcoded or default credentials and the command injection vulnerabilities.
It's not uncommon for IoT botnets to target video surveillance devices, particularly since many of these products are plagued by serious and easy to exploit vulnerabilities.