If you own IoT devices, our advice is to get the security of all your internet-connected devices in order as soon as possible. The warning is urgent because a newly discovered threat called 'BrickerBot' is allegedly targeting insecure Internet of Things (IoT) devices.
What is interesting about the BrickerBot malware is that, instead of harnessing IoT devices into a distributed denial of service (DDoS) network, it threatens to permanently brick them. For this reason, IoT experts are still debating whether the malware is malicious in intent or was created to take known vulnerable devices off the internet so that they don't pose a threat in the future. The authors of BrickerBot are currently unknown.
The malware was recently detected on honeypot servers maintained by DDoS protection company Radware. This type of attack has been described as a "permanent denial-of-service" (PDoS).
According to a threat advisory issued by Radware, over a four-day period its honeypot detected 1,895 PDoS attempts performed from several locations around the world. The advisory also said that the sole purpose of these attacks was to compromise IoT devices and corrupt their storage.
The company also said that it had detected two distinct waves of what it has named BrickerBot, coming from different botnets. According to the company, the second one was concealed by Tor egress nodes.
Giving details, Radware said that the BrickerBot PDoS attack used Telnet brute force, the same exploit vector used by Mirai last year to plague internet-connected devices in over 177 countries, to breach a user's insecure IoT device. The company further explained that, because Bricker does not try to download a binary, it does not have a complete list of the credentials used in the brute-force attempts. It was, however, able to record the first attempted username/password pair, which was consistently 'root'/'vizxv'.
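The first-attempt indicator described above can be checked against a honeypot's own Telnet login logs. The following is an added example, not code from Radware or the original article; the log format, field names and sample lines are constructed assumptions.

```python
import re
from collections import Counter

# First username/password pair reported in the article for BrickerBot sessions.
INDICATOR = ("root", "vizxv")

# Hypothetical honeypot log format (an assumption, not Radware's):
# <ISO timestamp> src=<ip> session=<id> telnet-login user=<u> pass=<p>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) session=(?P<sid>\S+) "
    r"telnet-login user=(?P<user>\S*) pass=(?P<pw>\S*)$"
)

# Constructed sample data (documentation IP ranges), not real captures.
SAMPLE_LOG = """\
2017-04-05T10:00:01Z src=198.51.100.7 session=s1 telnet-login user=root pass=vizxv
2017-04-05T10:00:02Z src=198.51.100.7 session=s1 telnet-login user=admin pass=admin
2017-04-05T10:03:10Z src=203.0.113.9 session=s2 telnet-login user=admin pass=1234
2017-04-05T10:03:11Z src=203.0.113.9 session=s2 telnet-login user=root pass=vizxv
2017-04-05T10:05:40Z src=198.51.100.7 session=s3 telnet-login user=root pass=vizxv
2017-04-05T10:06:00Z src=192.0.2.44 session=s4 telnet-login user=root pass=vizxv
garbled line that should be skipped
"""

def first_attempts(log_text):
    """Map session id -> (src, user, password) of its earliest login attempt."""
    earliest = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not login attempts
        sid, ts = m["sid"], m["ts"]
        # ISO-8601 UTC timestamps in one format sort correctly as strings.
        if sid not in earliest or ts < earliest[sid][0]:
            earliest[sid] = (ts, m["src"], m["user"], m["pw"])
    return {sid: rec[1:] for sid, rec in earliest.items()}

def flag_sources(log_text, indicator=INDICATOR):
    """Count, per source IP, sessions whose first attempt equals the indicator."""
    hits = Counter()
    for src, user, pw in first_attempts(log_text).values():
        if (user, pw) == indicator:
            hits[src] += 1
    return dict(hits)

if __name__ == "__main__":
    for src, n in sorted(flag_sources(SAMPLE_LOG).items()):
        print(f"{src}: {n} session(s) opened with {INDICATOR[0]}/{INDICATOR[1]}")
```

Session s2 is not flagged because the pair appears only as its second attempt; the check keys on the first attempt, which is what the advisory reported as consistent.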
Even IoT devices that boast of having hard-wired credentials could fall victim to such a targeted attack.
Radware further explained in detail what the malware did once it had successfully accessed a device. After gaining access, the PDoS bot would immediately run a series of Linux commands that would lead to corrupted storage, followed by commands to disrupt device performance and Internet connectivity and to wipe all files present on the device.
Among the special devices targeted by the malware are MultiMediaCard, a special device type that matches the memory card standard, a solid-state storage medium, and Memory Technology Device, a special device type that matches flash characteristics.
According to Radware researchers, the version of BrickerBot picked up by its honeypot servers targets Linux/BusyBox IoT devices that have their Telnet ports open and publicly exposed to the internet, similar to the devices that were targeted by Mirai in October.
So, IoT device owners, get your devices in order as soon as possible, because it is always "better to be safe than sorry."