April 14, 2017

Mirai-Like ‘BrickerBot’ Malware Kills Unsecured IoT Devices

A new variant of malware, dubbed BrickerBot, has been discovered in the wild targeting IoT devices running Linux, the popular open-source operating system.

BrickerBot operates similarly to Mirai, the dreaded malware program that targets, enlists and groups IoT devices into botnets for sweeping distributed denial of service (DDoS) attacks. However, there is one significant difference between BrickerBot and Mirai.

As researchers from Radware reveal, BrickerBot, as the name suggests, will brick, or permanently kill, compromised IoT devices by damaging their hardware. Quite simply, BrickerBot is one of a new variety of malware strains that carry out PDoS attacks, or permanent denial of service attacks.

The BrickerBot PDoS attack uses the Telnet brute force technique, similar to Mirai, to breach a victim’s device. BrickerBot also attacks unsecured devices whose default preset username and password credentials have not been changed. Upon compromising the unsecured device, BrickerBot proceeds to permanently remove the storage before revoking Internet access, effectively killing the IoT device.

The malware performs a series of Linux commands that corrupt the storage, followed by another series of commands that kill Internet connectivity, disrupt device performance and, eventually, wipe all storage on the device.

The attack is specifically targeted at Linux/BusyBox-based IoT devices that leave their Telnet port open and exposed to the internet.

Researchers further revealed:

The PDoS attempts originated from a limited number of IP addresses spread around the world. All devices are exposing port 22 (SSH) and running an older version of the Dropbear SSH server. Most of the devices were identified by Shodan as Ubiquiti network devices; among them are Access Points and Bridges with beam directivity.

LIFARS recommends changing your IoT device’s factory default credentials, if you haven’t already. Telnet access to the device should also be disabled.
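
One way to check your own device inventory against the exposure described above, as an added example that is not code from LIFARS or Radware: the script tests whether each device you administer still accepts connections on the Telnet port and whether its SSH banner identifies Dropbear. The host addresses, function names and finding labels are assumptions made for this illustration.

```python
import socket

TELNET_PORT, SSH_PORT = 23, 22

def probe(host, port, timeout=2.0, read_banner=False):
    """Return (is_open, banner) for one TCP port on a device you administer."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            if not read_banner:
                return True, ""
            s.settimeout(timeout)
            try:
                data = s.recv(256)  # SSH servers send their version string first
            except OSError:         # timed out or reset before any banner arrived
                data = b""
            return True, data.decode("ascii", "replace").strip()
    except OSError:                 # refused, unreachable or timed out: treat as closed
        return False, ""

def audit_device(host, telnet_port=TELNET_PORT, ssh_port=SSH_PORT, timeout=2.0):
    """List findings for one device; an empty list means neither condition was seen."""
    findings = []
    telnet_open, _ = probe(host, telnet_port, timeout)
    if telnet_open:
        findings.append("telnet-exposed: disable Telnet and change factory default credentials")
    ssh_open, banner = probe(host, ssh_port, timeout, read_banner=True)
    if ssh_open and "dropbear" in banner.lower():
        findings.append(f"dropbear-ssh: banner {banner!r}; confirm the firmware is current")
    return findings

def audit_inventory(hosts, **kwargs):
    """Audit every host in an inventory and return {host: [findings]}."""
    return {host: audit_device(host, **kwargs) for host in hosts}

if __name__ == "__main__":
    # Constructed inventory (documentation address range); replace with your own devices.
    inventory = ["192.0.2.10", "192.0.2.11"]
    for host, findings in audit_inventory(inventory).items():
        print(host, "OK" if not findings else "; ".join(findings))
```
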


About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
