BrickerBot threatens to kill your IoT devices

Mirai-like botnet could permanently disable Internet of Things hardware

A new type of malware has been discovered that could permanently render IoT devices useless.

Dubbed BrickerBot, the malware was discovered by IT security firm Radware. Its Emergency Response Team (ERT) said it was designed to stop a victim's hardware from functioning.

It called this new type of attack a Permanent Denial-of-Service (PDoS), and said it is becoming increasingly popular in 2017 as more incidents involving this hardware-damaging assault occur.


The type of attack is also known as "phlashing": damaging a system so badly that it requires replacement or reinstallation of hardware.

"By exploiting security flaws or misconfigurations, PDoS can destroy the firmware and/or basic functions of [a] system. It is a contrast to its well-known cousin, the DDoS attack, which overloads systems with requests meant to saturate resources through unintended usage," said Pascal Geenens, cyber security evangelist at Radware, who discovered the malware.

In just one four-day period, a honeypot set up by the company recorded 1,895 PDoS attempts performed from several locations around the world. The firm said the malware's sole purpose was to target IoT devices and corrupt their storage.

The malware used Telnet brute force - the same exploit vector used by Mirai - to breach a victim's devices, according to the researchers. Bricker does not try to download a binary, so no complete list of credentials that were used for the brute force attempt has been recorded. However, Radware was able to record that the first attempted username/password pair was consistently 'root'/'vizxv'.


"Upon successful access to the device," said Geenens, "the PDoS bot performed a series of Linux commands that would ultimately lead to corrupted storage, followed by commands to disrupt internet connectivity, device performance, and the wiping of all files on the device."

When a device is successfully accessed, the malware carries out a series of Linux commands that would ultimately lead to corrupted storage, followed by commands to disrupt internet connectivity, device performance, and the wiping of all files on the device.

"Among the special devices targeted are /dev/mtd (Memory Technology Device - a special device type to match flash characteristics) and /dev/mmc (MultiMediaCard - a special device type that matches memory card standard, a solid-state storage medium)," he said.

"The sysctl commands attempt to reconfigure kernel parameters: net.ipv4.tcp_timestamps=0 disables TCP timestamps, which does not affect local LAN IPv4 connectivity, but seriously impacts the internet communication, and kernel.threads-max=1 limits the max number of kernel threads to one."

Organisations can protect IoT devices and networks by changing the device's factory default credentials and disabling Telnet access to the device, Radware explained.
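
The indicators Radware describes above (the first credential pair, access to /dev/mtd and /dev/mmc, and the two sysctl changes) can be turned into a simple triage check over honeypot Telnet logs. This is an added example, not Radware's code; the log format, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log (hypothetical format: timestamp, source, event, detail).
SAMPLE_LOG = """\
2017-01-01T10:00:01 192.0.2.10 login root/vizxv
2017-01-01T10:00:02 192.0.2.10 cmd sysctl -w net.ipv4.tcp_timestamps=0
2017-01-01T10:00:03 192.0.2.10 cmd sysctl -w kernel.threads-max=1
2017-01-01T10:00:04 192.0.2.10 cmd <redacted> /dev/mtd0
2017-01-01T10:05:00 198.51.100.7 login admin/admin
2017-01-01T10:05:02 198.51.100.7 cmd uname -a
2017-01-01T10:09:00 203.0.113.5 login root/vizxv
2017-01-01T10:09:01 203.0.113.5 cmd cat /proc/cpuinfo
"""

# Special devices and kernel parameters named in the article.
FLASH_DEV = re.compile(r"/dev/(mtd|mmc)\w*")
SYSCTL = re.compile(r"\b(net\.ipv4\.tcp_timestamps\s*=\s*0|kernel\.threads-max\s*=\s*1)\b")

def triage(log_text):
    """Return {source_ip: set of indicator names} for every source in the log."""
    hits = defaultdict(set)
    seen_login = set()
    for line in log_text.splitlines():
        parts = line.split(None, 3)
        if len(parts) < 4:
            continue  # skip malformed lines
        _ts, src, event, detail = parts
        indicators = hits[src]  # creates an empty entry for clean sources too
        if event == "login":
            # Only the FIRST attempted pair per source counts as this indicator.
            if src not in seen_login and detail == "root/vizxv":
                indicators.add("first_cred_root_vizxv")
            seen_login.add(src)
        elif event == "cmd":
            if FLASH_DEV.search(detail):
                indicators.add("flash_device_access")
            if SYSCTL.search(detail):
                indicators.add("sysctl_tamper")
    return dict(hits)

def pdos_suspects(log_text):
    """Sources showing destructive behaviour, not just the default credential shared with Mirai."""
    destructive = {"flash_device_access", "sysctl_tamper"}
    return sorted(src for src, ind in triage(log_text).items() if ind & destructive)
```

The credential indicator alone is treated as weak evidence, since the same Telnet brute-force vector is used by Mirai; a source is only listed as a PDoS suspect when it also touches the flash devices or the kernel parameters.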
