How Verkada Protects Against the Rising Risks of Cloud Security Cameras

How Verkada Protects Against the Rising Risks of Cloud Security Cameras

Hacker attacks against connected cameras continue to rise. This troubling trend has been escalating in recent years, and all enterprises should expect to see more attempts going forward after a major spike in 2018.

In all, 15% of all attacks against Internet of Things (IoT) devices last year hit connected cameras — up from just 3.5% in 2017, according to a recent report from Symantec.

In raw terms, this equated to around 780 attacks per month against connected cameras set up as a honeypot by Symantec for its annual Internet Threat Security Report (ITSR).

“Routers and connected cameras were by far the main source of IoT attacks, accounting for over 90% of all attacks on the honeypot,” said the cybersecurity software firm in its ITSR 2019. “The proportion of infected cameras used in attacks increased considerably during 2018.”

Routers, which accounted for more than three-quarters (75.1%) of all IoT device attacks, remain by far the most vulnerable technology.

Next comes cameras. But, after that, no other device accounted for a large percentage of attacks. Multimedia devices (5.4%) and firewalls (2.1%) were the only others hit by a significant percentage of the overall exploits in 2018, said Symantec.

Rising Threats Demand Better Video Camera Security

Such figures highlight why cybersecurity for surveillance cameras must be an utmost priority for end users in 2019. Any organization that has failed to properly safeguard its camera solution should see this as a wake-up call.

One key is to understand what threats carry the most risk. This means paying particularly attention to any exploit making headlines and staying up with the latest industry news.

The four biggest exploits of 2018, for example, comprised more than three-quarters of all attacks against the Symantec honeypot, led by Linux.Lightaidra (31.3% of all attacks) and Linux.Kaiten (31.0%). Linux.Mirai (15.9%) and Trojan.Gen2 (8.5%) rounded out the top four.

Symantec expressed ongoing concern about the Mirai worm, in particular, because it has continued to evolve even as officials try to safeguard their networks against it.

“The notorious Mirai distributed denial of service (DDoS) worm remained an active threat and, with 16% of the attacks, was the third-most-common IoT threat in 2018,” stated the report. “Mirai is constantly evolving and variants use up to 16 different exploits, persistently adding new exploits to increase the success rate for infection, as devices often remain unpatched. The worm also expanded its target scope by going after unpatched Linux servers.”

In terms of geography, exploits are being generated from all across the world. China accounted for nearly a quarter (24.0%) of IoT attacks, while the United States (10.1%), Brazil (9.8%), Russia (5.7%), Mexico (4.0%), and Japan (3.7%) were the other main locations of origin.

How Verkada Prioritizes Cybersecurity

From day 1, we designed Verkada with network security in mind. Our aim is to enable the latest security standards without the need for special technical configuration or maintenance. The following elements represent an overview of the ways that we accomplish this.

1. Data encryption at rest: Video data is encrypted at rest use modern RSA and AES encryption standards. PKI encryption ensures that, even in the unlikely event that someone gets their hands on your Verkada camera, they’ll find it impossible to extract any video data from its onboard storage.

2. Data encryption in transit: By default, all Verkada systems encrypt data in transit using HTTPS/SSL. All communication is over Port 443. And Verkada cameras only make outbound connections to Verkada’s cloud services. We are unique in this regard because we own the hardware, firmware and software — allowing us to have end-to-end encryption both in transit and at rest.

3. No port-forwarding: Unlike traditional CCTV systems, which often rely on port-forwarding of NVRs/DVRs to enable remote access, Verkada systems have no open ports. Remote access is enabled automatically via secure outbound connections over Port 443, so there’s no need to configure a VPN.

4. Single sign-on & 2-FA: Verkada support SAML/Oath for single sign-on and 2-factor authentication (via SMS and authenticator applications). Read more about user identity management.

5. Audit logs: Command logs user session details that can be audited. If your use case requires audit logs, let your Verkada account manager know.

6. Automatic firmware updates: Unlike many systems, Verkada issues automatic updates whenever we make firmware improvements, ensuring security is safeguarded in real-time and never slips through the cracks.

7. Penetration tests and more: We implement regular penetration testing conducted by independent third parties to ensure that there are no undiscovered exploits.

For additional tips on how to enhance video security in your organization, download our free eBook Cybersecurity for Video Surveillance Systems.