Cybersecurity in the Workplace: Hikvision Cybersecurity Director Discusses Spear Phishing

October 31, 2018

Cybersecurity in the Workplace: Hikvision Cybersecurity Director Discusses Spear Phishing

As part of NCSAM (National Cybersecurity Awareness Month), Chuck Davis, Hikvision’s director of cybersecurity for North America is sharing weekly cybersecurity information designed to help better secure our homes, our workplaces, and the global Internet at large.

On October 15 we talked about cybersecurity at home, and then we discussed protecting yourself online. This week we are going to talk about cybersecurity in the workplace and focus on "spear phishing."

In previous blog posts, we have discussed phishing emails and how to identify them. You can read those blog posts here and here.

Today we are going to address a special kind of phishing attack called spear phishing. Targeted to a specific person or organization, spear phishing emails typically have information about the victim in the email that makes the email seem credible.

Recent Examples of Spear Phishing Campaign
A prominent example of spear phishing occurred during the 2016 presidential campaign. A Philadelphia Inquirer report, says that John Podesta, chairman of Hillary Clinton's presidential campaign, received "a misleading email that looked like a security notification from Google, asking Podesta to change his password by clicking an embedded link ... Podesta followed the email's instructions, changing his password and giving hackers access to 50,000 of his emails."

Another spear phishing method has to do with financial information. Earlier in 2018, a law firm posted a blog that gave the following example:

Spear phishing example #1

Another, newer attack method involves extortion. Lately, a handful of friends and colleagues said they received an email claiming that a malicious hacker had installed malware on their computer. The email showed a valid password belonging to the recipient, and explained that the attacker has access to the recipient’s webcam and has a log of their keystrokes. The attacker gives the recipient two choices:

  • Ignore the email and the attacker will send something embarrassing to all of the recipient’s contacts.
  • Or, pay a ransom in bitcoin, and the hacker will delete everything they have.

This email scam has been a popular spear phishing attack in 2018. As cybersecurity reporter, Brian Krebs, blogged about in July, “Here’s a clever new twist on an old email scam that could serve to make the con far more believable.”

If you happen to receive one of these emails, don’t panic. This is a scam.

How Did Attackers Get a Valid Password?
At a high level the attacker is using old lists of known usernames and passwords that were harvested from data breaches like LinkedIn, Adobe, etc. and posted, shared and sold on the dark web. This data has been floating around the Internet for years in some cases. But, because many people reuse passwords, they may still be using an old password on some sites. Next week, we'll include a more in-depth description of a spear phishing attack.

What Can Victims Do?
If you receive an email like this, there are some things you can and should do. Below is a list of those recommended actions:

  1. If this is a business email address, let your cybersecurity team know immediately about the threatening email. There could be an ongoing company-wide campaign that the cybersecurity team can stop. If the cybersecurity team is aware of the campaign they can also help educate employees.
  2. Visit This site is hosted by a respected cybersecurity professional named Troy Hunt. Make sure to enter all work and personal email addresses, and subscribe to get updates. If your email address is ever found in a data breach, you will be alerted. They won’t have every data breach, but if there are a large number of usernames and/or passwords posted to the dark web, the site will likely add that list and email you if your username/password has been part of that data breach.
  3. Use two-factor authentication (2FA) or multi-factor authentication (MFA) everywhere possible.
  4. Use a password manager. This will allow you to make great passwords (20 plus characters) that are unique for every website. And, you won’t need to remember any of them.
  5. Never reuse passwords. If you have reused passwords, take time to change them now, before it’s too late. Threat actors buy up username/password lists and start trying to login with the username and password on other sites, like Twitter, Facebook, and Spotify.
  6. If you are alerted that a password has been compromised, change it immediately and see item number three, above.
  7. Be skeptical about incoming email. Read the following phishing blog to learn more on how to identify phishing attacks.
  8. Be wary of short URLs. Malicious links are sometimes sent in short URLs through social media. Check short URLs with a tool like to preview the real address before clicking.
  9. Be aware of doppelganger domains, which are domain names that look like a valid, trusted domain like “” If you don’t look closely at URLs sent in email, you could quickly overlook this.

Check back next week for more details on what an extortion attack could look like.

IMPORTANT! This model requires non-standard firmware. Do Not Install standard firmware (e.g. v.4.1.xx) on this model. Doing so will permanently damage your system. You must use custom firmware v.4.1.25 from the iDS-9632NXI-I8/16S product page.

View the most updated version of this document here:


The I-series NVR (such as the DS-7716NI-I4) is one of Hikvision's most popular and feature-rich recorders. As such, many firmware revisions have been introduced over the years to continually ensure the product is compatible with the newest technology available. Due to the many revisions, we recommend that the user closely follows the instructions below in order to reduce the amount of time spent as well as the chance of failure.


Database Optimization and Repair

As more affordable IP cameras are introduced over time with greater video resolution and data sizes, more efficient database management also becomes necessary. The introduction of firmware v4.0 brought about a new database architecture in order to be futureproof.


After upgrading to v4.X, the recorder database will need to be converted and optimized. If you are experiencing issues where playback is expected but not found, make sure "Database Repair" is performed as indicated in the procedures and scenarios below.


Preparing the Upgrade

Before proceeding with upgrade, it is recommended that NVR configuration file is exported from the NVR over the network or on to a local USB drive.


Upgrading from v3.4.92 build 170518 or Older

  1. All recorders must reach v3.4.92 before proceeding further. Upgrading from versions before v3.4.92 directly to any version of v4.X will likely cause the recorder to fail.
  2. If the recorder is already at v3.4.92, a full factory default is highly recommended before upgrading to any version of v4.X. There is a high chance of unit failure (requiring RMA) if the unit is not defaulted before upgrade.
  3. After reaching v3.4.92 and performing a full factory default, an upgrade directly to v4.50.00 is acceptable.
  4. After the upgrade is completed and the recorder is reprogrammed, it may be beneficial to perform a Database Repair. For details, refer to the section "Database Optimization and Repair" above.
  5. To verify repair progress, you may refer to the HDD status, or search the recorder log for repair started and stopped entries. Note that while the HDD is repairing, new recordings are still being made, but some existing recordings may not be searchable until repair is complete.
  6. If you continue to observe playback issues after database repair, ensure there are no power, network, or motion detection issues. Should the problem persist, contact technical support.


Upgrading from Any v4.X Build to v4.50.00.

  1. Any v4.X build can be upgraded directly to v4.50.00.
  2. Export configuration is highly recommended before performing the upgrade.
  3. If upgrading from any v4.X version that was not v4.22.005, a Database Repair is recommended. Refer to Step 4 and onwards in the previous section.



Downgrading is not recommended. Due to new features and parameters constantly being added, downgrading may cause the NVR to factory default itself or require a manual default to operate properly.

View the most updated version of this document here:
K-Series DVR upgrade instruction
The Turbo 4 Hybrid DVR K series has multiple models and across different platform and chipset. It also has similar firmware development of other recording product line; DVR K series has also introduced the GUI4.0 to ensure the series to be compatible to the newest technology available. The new database architecture is also brought into the DVR firmware v4.0 to be future proof and for better recording search experience. 

Database Optimization and Repair

As more affordable cameras introduced over time with greater video resolution and data sizes, more efficient database management also becomes necessary. The introduction of firmware v4.0 brought about a new database architecture in order to be futureproof.
After upgrading to v4.X, the recorder database will need to be converted and optimize. If you are experiencing issues, where playback is expected but not found, please make sure to perform "Database Rebuild" as indicated in the procedures and scenarios below.

Preparing the Upgrade

Before proceeding with upgrade, it is recommend exporting DVR configuration file from the DVR over the network or on to a local USB drive.


Action after firmware upgraded 

1. Upgrade the DVR according to the chart above. 

2. Reconfirming Channel's Recording Schedule 

    - Confirm channel's recording schedule is enable. 

    - Check if the channel is on correct recording schedule.

3. Double Check Storage Setting

    - Make sure all channel are assigned to record on its HDD group when the Storage setting is under Group Mode. 

4. Perform Database Rebuild locally. 

    • Some version above support Database Rebuild via web access - K51 and K72

    • Perform Database Rebuild regardless if system is having any database issue symptom. 

    • Database Rebuild process is average ~30 to 60min per TB. The process may still varies depends recording data.

    • After Database Rebuild - Check log to confirm Database Rebuild has went thru properly. 

    • If Database Rebuild Started and Stopped log has been log only within few minutes. Database rebuild may not has been completed properly. It is strongly recommend performing the Database Rebuild again.

    • To check log > System > Log > Information > Database Rebuild Started and Stopped.

    • If the log option is not available - access system via SSH can also obtain similar result.

5. Recording Data is still missing after database rebuild process. 

If the data has not been recorded or has been overwritten, Database rebuild process is not able retrieve those lost data. Have the system upgraded to the latest available firmware version above to prevent any future data lost is strongly recommended for all application.





By downloading and using software and other materials available via this website, you agree to be legally bound by HIKVISION General Terms of Use . If you don’t agree to these terms, you may not download or use any of those materials.

If you are agreeing on behalf of your company, you represent and warrant that you have legal authority to bind your company to the General Terms of Use above. Also you represent and warrant that you are of the legal age of majority in the jurisdiction in which you reside (at least 18 years of age in many countries).