A new variant of malware, dubbed BrickerBot, has been discovered operating in the wild by targeting IoT devices running Linux, the popular open-source operating system.
BrickerBot operates similarly to Mirai, the dreaded malware program that targets, enlists and groups IoT devices into botnets for sweeping distributed denial of service (DDoS) attacks. However, there is one significant different between BrickerBot and Mirai.
As researchers from Radware reveal, BrickerBot, as the name suggests, will brick, or permanently kill compromised IoT devices by damaging their hardware. Quite simply, BrickerBot is among a new variant of malware strains that carry out PDoS attacks, or permanent denial of service attacks.
The BrickerBot PDoS attack uses the Telnet brute force technique, similar to Mirai, to breach a victim’s device. BrickerBot also attacks unsecure devices that have not changed the default preset username and password credentials. Upon compromise of the unsecure device, BrickerBot proceeds to permanently remove the storage before revoking Internet access, effectively killing the IoT device.
The malware performs a series of Linux commands leading to the corrupted storage before another series of commands to kill Internet connectivity, disrupt device performance and eventually, wiping all storage on the device.
The attack is specifically targeted at Linux/BusyBox-based Iot devices that leave their Telnet port open and exposed to the internet.
Researchers further revealed:
The PDoS attempts originated from a limited number of IP addresses spread around the world. All devices are exposing port 22 (SSH) and running an older version of the Dropbear SSH server. Most of the devices were identified by Shodan as Ubiquiti network devices; among them are Access Points and Bridges with beam directivity.
LIFARS recommends changing your IoT device’s factory default credentials, if you haven’t already. Telnet access is also to be disabled to the device.
Image credit: Pexels.