According to security researchers of Arbor Networks, the Lizard Squad has taken over thousands of CCTV cameras and webcams that are connected to the internet to be able to focus DDoS attacks on banks and websites of government departments. During a DDoS attack, the incoming traffic flooding the victim originates from many different sources – potentially hundreds of thousands or more. This dramatically makes it impossible to prevent the attack simply by blocking a single IP address. Moreover, it is very difficult to recognize legitimate user traffic from attack traffic when spread across so many points of origin. According to the Arbor Networks, LizardStresser is a botnet and the source code of this botnet was released publicly in early 2015. Arbor Network’s ASERT group is keeping an eye on LizardStresser action and observed two things, some unique LizardStresser command-and-control sites have been noticed with extensive growth throughout 2016 and the attackers have concentrated on targeting Internet of things (IOT) devices using the unit’s default passwords. The CCTV cameras tend to run minimal versions of traditional platforms like Linux, in which malware can easily be compiled for the target architecture. To make the matter critical if they are internet-accessible, they are most likely to have total access to the internet. Mostly IOT devices re-use the similar type of hardware and software. During software re-use, the default passwords used to initially manage the device may be shared across the completely different groups of devices. Matthew Bing, research analyst at Arbor networks said “LizardStresser is becoming the botnet-du-jour for IoT devices given how easy it is for threat actors to make minor tweaks to telnet scanning. With minimal research into IoT device default passwords, they are able to enlist an exclusive group of victims into their botnets” As we know, Poor security level in IOT devices is not so dominant. But Lizard Stresser managed to create the extensive swarm of botnets and takes over thousand of these devices and the attacks are mostly against banks. Therefore, if you own a CCTV camera make sure to change the default login and passwords and make them secure by providing strong login credentials.