April 14, 2017

Mirai-Like ‘BrickerBot’ Malware Kills Unsecured IoT Devices

A new variant of malware, dubbed BrickerBot, has been discovered in the wild, targeting IoT devices running Linux, the popular open-source operating system.

BrickerBot operates similarly to Mirai, the dreaded malware program that targets, enlists and groups IoT devices into botnets for sweeping distributed denial of service (DDoS) attacks. However, there is one significant difference between BrickerBot and Mirai.

As researchers from Radware reveal, BrickerBot, as the name suggests, will brick, or permanently kill, compromised IoT devices by damaging their hardware. Quite simply, BrickerBot belongs to a new class of malware strains that carry out PDoS, or permanent denial of service, attacks.

The BrickerBot PDoS attack uses the Telnet brute force technique, similar to Mirai, to breach a victim’s device. BrickerBot also attacks unsecure devices whose default preset username and password have not been changed. Upon compromise of the unsecure device, BrickerBot proceeds to permanently wipe the device’s storage before revoking Internet access, effectively killing the IoT device.

The malware runs a series of Linux commands that corrupt the storage, followed by another series of commands that kill Internet connectivity, disrupt device performance and, eventually, wipe all storage on the device.

The attack is specifically targeted at Linux/BusyBox-based IoT devices that leave their Telnet port open and exposed to the internet.

Researchers further revealed:

The PDoS attempts originated from a limited number of IP addresses spread around the world. All devices are exposing port 22 (SSH) and running an older version of the Dropbear SSH server. Most of the devices were identified by Shodan as Ubiquiti network devices; among them are Access Points and Bridges with beam directivity.

LIFARS recommends changing your IoT device’s factory default credentials, if you haven’t already. Telnet access to the device should also be disabled.
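
One way to check devices you administer for the two conditions described above, an exposed Telnet port and a Dropbear SSH service on port 22. This is an added example, not code from the original article or from Radware; the function names and the default timeout are assumptions made here.

```python
import socket
import sys


def tcp_banner(host, port, timeout=2.0):
    """Return None if the port is closed or unreachable, otherwise the
    first bytes the service sends (b"" if it sends nothing in time)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                return s.recv(128)
            except OSError:  # read timeout or reset: the port was still open
                return b""
    except OSError:
        return None


def classify(telnet_banner, ssh_banner):
    """Turn the two probe results for one device into a list of findings."""
    findings = []
    if telnet_banner is not None:
        findings.append("telnet-exposed")
    if ssh_banner and b"dropbear" in ssh_banner.lower():
        # Dropbear announces itself as "SSH-2.0-dropbear_<version>". Report
        # the banner so the version can be compared with current firmware.
        line = ssh_banner.split(b"\n", 1)[0].strip()
        findings.append("dropbear-ssh: " + line.decode("ascii", "replace"))
    return findings


def audit_device(host, telnet_port=23, ssh_port=22, timeout=2.0):
    """Probe one device on its Telnet and SSH ports and classify the result."""
    return classify(tcp_banner(host, telnet_port, timeout),
                    tcp_banner(host, ssh_port, timeout))


if __name__ == "__main__":
    # Pass the addresses of devices you administer as arguments.
    for host in sys.argv[1:]:
        result = audit_device(host)
        print(host, "OK" if not result else "; ".join(result))
```

A device that reports "telnet-exposed" still needs its credentials changed and Telnet turned off as recommended above; the script only identifies which devices to look at.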

About the author

LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.
