Friday April 07, 2017

New Malware Strain Intentionally Bricks IoT Devices

Brickerbot is a new strain of malware that intentionally bricks unsecured Linux BusyBox-based IoT devices. Unsecured devices are typically placed into service without changing the default password, which allows anyone who can Google the default password for a product line to take control of them. Researchers think it is the work of a vigilante: although the malware intentionally renders the device useless, it doesn't do more malicious things such as adding it to a botnet. This gives the impression that the person who wrote the code wants to create awareness of the issues of running unsecured IoT devices by destroying them.

There are a couple of variants of the malware, and both accomplish the same task. Using brute-force tactics, the malware discovers open Telnet ports on unsecured devices. From there it performs a series of commands that render the device useless within seconds. According to the article, experts call this PDoS (Permanent Denial of Service), and it is also known as "phlashing." Again, researchers are concerned because rendering a device useless neither benefits the attacker by creating a botnet nor educates consumers on proper security. This is a new phenomenon according to industry experts and implies hatred of IoT devices.

The entirety of the Radware security advisory can be viewed online. Here is an excerpt.

Imagine a fast moving bot attack designed to render the victim’s hardware from functioning. Called Permanent Denial-of-Service (PDoS), this form of cyber-attack is becoming increasingly popular in 2017 as more incidents involving this hardware-damaging assault occur. Also known loosely as "phlashing" in some circles, PDoS is an attack that damages a system so badly that it requires replacement or reinstallation of hardware. By exploiting security flaws or misconfigurations, PDoS can destroy the firmware and/or basic functions of system. It is a contrast to its well-known cousin, the DDoS attack, which overloads systems with requests meant to saturate resources through unintended usage. Over a four-day period, Radware’s honeypot recorded 1,895 PDoS attempts performed from several locations around the world.