Attempted attacks against TVT Digital Technology's NVMS9000 DVRs which had its firmware last updated seven years ago have surged, with devices impacted by an information disclosure flaw reported in May targeted by more than 2,500 IPs suspected to be part of a Mirai-based botnet on Thursday, according to BleepingComputer.
Vulnerable TVT DVRs, most of which are in the U.S., UK, and Germany, have been subjected to intrusions from 6,600 unique IPs during the past month, most of which are from Taiwan, Japan, and South Korea, a report from GreyNoise showed. Such findings come amid increased targeting of internet-exposed DVRs by botnets, including Mirai, HiatusRAT, and FreakOut. While updating impacted devices has been primarily advised to prevent potential distributed denial-of-service attacks, users that could not apply updates have been urged to restrict public internet access to DVR ports, as well as prohibit requests from listed IP addresses.
Vulnerable TVT DVRs, most of which are in the U.S., UK, and Germany, have been subjected to intrusions from 6,600 unique IPs during the past month, most of which are from Taiwan, Japan, and South Korea, a report from GreyNoise showed. Such findings come amid increased targeting of internet-exposed DVRs by botnets, including Mirai, HiatusRAT, and FreakOut. While updating impacted devices has been primarily advised to prevent potential distributed denial-of-service attacks, users that could not apply updates have been urged to restrict public internet access to DVR ports, as well as prohibit requests from listed IP addresses.
