DVRs are being targeted by hackers, says security expert
When looking for the source of a malicious infection on a computer network, a digital video recorder (DVR) might not make it on the radar of a malware fighter. That could be a mistake, according to one security expert.
"I can show you today 10,000 hacked DVRs in the United States alone," NorseCorp CTO Tommy Stiansen said in an interview.
NorseCorp bills itself as a gatherer of intelligence from the dark side of the Internet. It has more than 1000 computers acting as honeypots around the globe raking in 19TB of data a day on malicious activity and providing real-time threat information to organizations that plug into its API.
Norse recently discovered that one of its clients, a credit union, was spewing malicious traffic to the intelligence firm's honeypots. "The bank was completely infiltrated with malware," Stiansen said.
The scary part about the situation was that traffic wasn't being generated by the bank's infrastructure. "The traffic was coming from a DVR from a cable provider connected to the bank's network," Stiansen added. "The DVR had been compromised and had compromised the whole network of the bank."
The credit union posted a warning on its website to its customers alerting them that they may be the target of scams, not realizing that the financial institution itself was infecting its customers with the malware that was making them the targets, Stiansen said.
No firewall for the DVR was provided by the cable company, so it was up to the network administrator to segment the DVR from the network. That's the kind of security precaution most administrators would overlook, Stiansen said. After all, what network administrator would think that their DVR had been compromised?
"It's scary, but that's the state of technology today," he said.
Cybercriminals have long been using malware that allows them to infect banking websites and steal customers' credentials with bogus forms and such, but recently they've adopted automation techniques that allow them to eavesdrop on live banking sessions and perform transactions under a customer's nose.
However, one of the most popular ways to compromise banking credentials remains the use of banking Trojans like Zeus, whose writers have expanded its targets in recent times to include Facebook members and payroll services.
Zeus can be a particularly pernicious and difficult infection to counter because there are so many variants of it. "There is one new variant of Zeus created every day," Stiansen said.