Industrial control systems and critical infrastructure operators are being warned about a campaign leveraging a known zero-day vulnerability in remote monitoring cameras to spread Mirai cryptominer botnets.
Researchers at Akamai found the Mirai cryptominer botnet campaign was exploiting a variety of previously disclosed vulnerabilities, but was notably focused on a zero-day command injection vulnerability in AVTECH closed-circuit television (CCTV) cameras tracked under CVE-2024-7029.
Affected camera models have been discontinued but are still in wide use across critical infrastructure, Akamai’s researchers noted. There is no patch available and operators are being advised to rip out the affected devices and replace them with a more secure alternative.
“If there is no way to remediate a threat, decommissioning the hardware and software is the recommended way to mitigate security risks and lower the risk of regulatory fines,” Akamai researchers advised.
On Aug. 1, the Cybersecurity and Infrastructure Security Agency (CISA) published an industrial control systems (ICS) advisory on the AVTECH IP camera zero-day, specifically citing the devices’ use across critical infrastructure sectors, including commercial facilities, financial services, healthcare, and public health.
The Akamai researchers explained the zero-day vulnerability was already known and being used in cyberattacks to spread malware, long before it was formally assigned a CVE. This tack is increasingly popular among threat groups, the researchers said.
“A vulnerability without a formal CVE assignment may still pose a threat to your organization — in fact, it could be a significant threat,” Akamai’s team said in its report. “Malicious actors who operate these botnets have been using new or under-the-radar vulnerabilities to proliferate malware.”