Reset

Hikvision Senior Director of Cybersecurity on Four Recent Coronavirus Cyber Scams and Hacks, Plus Hikvision’s Cyber Tip of the Week

April 3, 2020

Hikvision HikWire blog article Chuck Davis cybersecurity

In recent blogs, Hikvision senior director of cybersecurity Chuck Davis discussed phishing hacks and malware related to the coronavirus, and tips to avoid them.

As COVID-19 becomes a global concern, cybercriminals are leveraging this tragedy to spread their own kind of virus and digital attacks to prey on the fears of people around the world.

In this blog, Hikvision’s Davis covers four recent coronavirus cyber scams and hacks related to COVID-19, and more.

 

Four COVID-19 Themed Cyberattacks
COVID-19 remains a top story in international news and is also the theme of many attackers on the Internet. Below are four recent COVID-19 themed attacks on home networks, hospitals, and consumers.

1) Home Router Attack: The ARSTechnica.com article, “New Attack on Home Routers Sends Users to Spoofed Sites That Push Malware,” outlined how cybercriminals are gaining access to home routers and making DNS changes that send users to malicious websites. At the time of this writing, both Linksys and D-Link routers have been targeted. According to Bleeping Computer, for five days people have been reporting their web browser would open on its own and display a message prompting them to download a 'COVID-19 Inform App' that was allegedly from the World Health Organization (WHO). Of course, this is a malicious download that executes a relatively new piece of malware that extracts browser credentials, cryptocurrency wallet addresses, and possibly other types of sensitive information. While it is unclear how the attackers are gaining access to the routers, experts suspect that attackers are guessing weak passwords. To prevent this attack, turn off remote management to your router, or if you need that feature, ensure that you have a very good password. If possible, enable multi-factor authentication as well.

2) Hospitals Attacked: On March 22, the Paris hospital authority, AP-HP, was the target of a cyberattack which, “sought to disable hospital service in the French capital by overwhelming its computers” reports Bloomberg. While the attack was not successful, it is the next in a series of hospitals that have become the target of cyberattacks during the COVID-19 pandemic. Others include the U.S. Health and Human Services Department, Australia’s welfare website, and the Czech Republic’s second largest hospital.

3) Free Netflix Pass is a Scam: Cybersecurity provider Bitdefender covered this scam in its newsletter. And, Graham Clueley reported that scammers are sending messages through social media that are offering a free Netflix pass during the COVID-19 coronavirus pandemic. This scam asks the victim some questions and then has them invite 10 friends to get the free pass. The scam has been issued in both English and Spanish. While this would normally seem like an obvious scam, it currently seems more believable because many companies are offering free services to help people who have been impacted by the pandemic.

4) Stimulus Check Scam: Security company, KnowBe4, reported of an FBI alert warning of a coronavirus-related phishing attacks, “particularly surrounding economic stimulus checks. The news that the US government is likely to send upwards of $1,000 to most Americans has created a golden opportunity for scammers, especially since the delivery method for the cash is still uncertain.”

 

Cybersecurity Heroes
Are you sick of attackers using COVID-19 as the basis of their phishing, malware and cyberattacks? You’re not alone! Forbes reported that there are two groups of cybersecurity expert volunteers who are working hard to defend cyberattacks against hospitals, discover and thwart COVID-19 phishing attacks and malware.

The first group, named Cyber Volunteers 19 (CV19), was formed and is operated by three cybersecurity experts: Lisa Forte, Daniel Card and Radoslaw Gnat. The CV19 website states that their purpose is, “To facilitate and enable a Volunteer Matchmaking service to give healthcare services access to a pool of cyber security experts.”

The second group, Called COVID-19 CTI League, was started by Ohad Zaidenberg, an Israel-based cyberthreat researcher who stated, “If anyone is sick enough to use this global crisis to conduct cyberattacks, we need to try to stop them,” Cyberscoop reports.

Both groups report that they hope these volunteer efforts to thwart cyberattacks will continue, even after COVID-19 is under control.

 

More Online Credit Card Skimming
Previously we discussed how NutriBullet and some other sites were found to have credit card skimming malware on their websites. Now we can add Tupperware to the list. SecurityWeek.com reports that, “According to Malwarebytes, the credit card skimmer planted on the Tupperware website displayed a fake payment form during the checkout process. The form asked unsuspecting users to provide information such as name, billing address, phone number, credit card number, card expiry date, and CVV.”

 

Hikvision’s Tip Of The Week
Multi-Factor Authentication (MFA), also referred to as Two-Factor Authentication (2FA), is a way to add another layer of protection when you log into websites and applications. Typically, we log into things with a username and password, however, there are three problems with this method:

  1. If a threat actor can get your password, they can access your account.
     
  2. Users tend to create easily-guessed passwords.
     
  3. Users tend to reuse passwords across multiple accounts, leaving them vulnerable to Credential Stuffing Attacks.

 

Here are three ways you can prevent hacks and your account from being compromised:

  1. Create good passwords.
     
  2. Use a password manager to create and store those passwords so you don’t have to reuse them.
     
  3. Enable Multi-factor authentication everywhere you can.

With MFA enabled, you’ll need to login with a username, password, and something else, like a 6-digit number that you receive from an SMS (text) message, from an app on your phone, or other device. The reasoning behind this is that the threat actor would likely not have access to your mobile phone, or some other physical device that creates those codes. Biometrics can also be used for MFA, however, the argument against biometrics is that you cannot change things like your fingerprint if a threat actor is able to replicate it. SMS has also been criticized for not being as secure as other methods of MFA. However, SMS MFA is better than no MFA at all.

IMPORTANT! This model requires non-standard firmware. Do Not Install standard firmware (e.g. v.4.1.xx) on this model. Doing so will permanently damage your system. You must use custom firmware v.4.1.25 from the iDS-9632NXI-I8/16S product page.

View the most updated version of this document here:

https://techsupportca.freshdesk.com/en/support/solutions/articles/17000113531-i-series-nvr-firmware-upgrade-instructions

 

The I-series NVR (such as the DS-7716NI-I4) is one of Hikvision's most popular and feature-rich recorders. As such, many firmware revisions have been introduced over the years to continually ensure the product is compatible with the newest technology available. Due to the many revisions, we recommend that the user closely follows the instructions below in order to reduce the amount of time spent as well as the chance of failure.

 

Database Optimization and Repair

As more affordable IP cameras are introduced over time with greater video resolution and data sizes, more efficient database management also becomes necessary. The introduction of firmware v4.0 brought about a new database architecture in order to be futureproof.

 

After upgrading to v4.X, the recorder database will need to be converted and optimized. If you are experiencing issues where playback is expected but not found, make sure "Database Repair" is performed as indicated in the procedures and scenarios below.

 

Preparing the Upgrade

Before proceeding with upgrade, it is recommended that NVR configuration file is exported from the NVR over the network or on to a local USB drive.

 

Upgrading from v3.4.92 build 170518 or Older

  1. All recorders must reach v3.4.92 before proceeding further. Upgrading from versions before v3.4.92 directly to any version of v4.X will likely cause the recorder to fail.
  2. If the recorder is already at v3.4.92, a full factory default is highly recommended before upgrading to any version of v4.X. There is a high chance of unit failure (requiring RMA) if the unit is not defaulted before upgrade.
  3. After reaching v3.4.92 and performing a full factory default, an upgrade directly to v4.50.00 is acceptable.
  4. After the upgrade is completed and the recorder is reprogrammed, it may be beneficial to perform a Database Repair. For details, refer to the section "Database Optimization and Repair" above.
  5. To verify repair progress, you may refer to the HDD status, or search the recorder log for repair started and stopped entries. Note that while the HDD is repairing, new recordings are still being made, but some existing recordings may not be searchable until repair is complete.
  6. If you continue to observe playback issues after database repair, ensure there are no power, network, or motion detection issues. Should the problem persist, contact technical support.

 

Upgrading from Any v4.X Build to v4.50.00.

  1. Any v4.X build can be upgraded directly to v4.50.00.
  2. Export configuration is highly recommended before performing the upgrade.
  3. If upgrading from any v4.X version that was not v4.22.005, a Database Repair is recommended. Refer to Step 4 and onwards in the previous section.

 

Downgrading

Downgrading is not recommended. Due to new features and parameters constantly being added, downgrading may cause the NVR to factory default itself or require a manual default to operate properly.

View the most updated version of this document here:
K-Series DVR upgrade instruction
The Turbo 4 Hybrid DVR K series has multiple models and across different platform and chipset. It also has similar firmware development of other recording product line; DVR K series has also introduced the GUI4.0 to ensure the series to be compatible to the newest technology available. The new database architecture is also brought into the DVR firmware v4.0 to be future proof and for better recording search experience. 
 


Database Optimization and Repair

As more affordable cameras introduced over time with greater video resolution and data sizes, more efficient database management also becomes necessary. The introduction of firmware v4.0 brought about a new database architecture in order to be futureproof.
After upgrading to v4.X, the recorder database will need to be converted and optimize. If you are experiencing issues, where playback is expected but not found, please make sure to perform "Database Rebuild" as indicated in the procedures and scenarios below.
 


Preparing the Upgrade

Before proceeding with upgrade, it is recommend exporting DVR configuration file from the DVR over the network or on to a local USB drive.

 

Action after firmware upgraded 

1. Upgrade the DVR according to the chart above. 

2. Reconfirming Channel's Recording Schedule 

    - Confirm channel's recording schedule is enable. 

    - Check if the channel is on correct recording schedule.

3. Double Check Storage Setting

    - Make sure all channel are assigned to record on its HDD group when the Storage setting is under Group Mode. 

4. Perform Database Rebuild locally. 

    • Some version above support Database Rebuild via web access - K51 and K72

    • Perform Database Rebuild regardless if system is having any database issue symptom. 

    • Database Rebuild process is average ~30 to 60min per TB. The process may still varies depends recording data.

    • After Database Rebuild - Check log to confirm Database Rebuild has went thru properly. 

    • If Database Rebuild Started and Stopped log has been log only within few minutes. Database rebuild may not has been completed properly. It is strongly recommend performing the Database Rebuild again.

    • To check log > System > Log > Information > Database Rebuild Started and Stopped.

    • If the log option is not available - access system via SSH can also obtain similar result.

5. Recording Data is still missing after database rebuild process. 

If the data has not been recorded or has been overwritten, Database rebuild process is not able retrieve those lost data. Have the system upgraded to the latest available firmware version above to prevent any future data lost is strongly recommended for all application.

 

 

 

 

By downloading and using software and other materials available via this website, you agree to be legally bound by HIKVISION General Terms of Use . If you don’t agree to these terms, you may not download or use any of those materials.

If you are agreeing on behalf of your company, you represent and warrant that you have legal authority to bind your company to the General Terms of Use above. Also you represent and warrant that you are of the legal age of majority in the jurisdiction in which you reside (at least 18 years of age in many countries).