Malware Bricks IoT Devices on Purpose

More than 80% of IoT Devices Insecure

Internet of Things (IoT) devices appear to be facing another threat following the discovery of a new malware strain.

The new malware, called BrickerBot, attacks IoT devices by corrupting their storage and reconfiguring kernel parameters. The attacks were discovered on March 20 by Radware, a cyber-security firm that maintained the honeypot servers. It was via these servers that the attack was first detected, and it seems to have continued ever since. The only known targets so far are Linux BusyBox-based devices. Two versions of the malware were detected, named BrickerBot.1 and BrickerBot.2.

The Most Vulnerable Devices

The attacks start the same way for both versions of the malware: with a brute-force attack aimed at devices that have their Telnet ports open. Like many other known IoT malware strains, BrickerBot uses a list of default credentials that are shared by many different IoT devices. If owners fail to change the default credentials, the malware can log in and infect the device.
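The default-credential Telnet pattern described above is easy to spot in honeypot or gateway authentication logs. The following is an added example, not code from Radware or from the original article: the log format, the credential pairs and the thresholds are all constructed assumptions, and the pairs are placeholders rather than BrickerBot's actual list.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed placeholder pairs; NOT BrickerBot's actual credential list.
DEFAULT_CREDS = {("admin", "admin"), ("root", "root"), ("user", "user")}

# Constructed honeypot Telnet auth log (format is an assumption):
# timestamp  source-ip  user  password  result
SAMPLE_LOG = """\
2017-03-20T10:00:01 198.51.100.7 admin admin FAIL
2017-03-20T10:00:02 198.51.100.7 root root FAIL
2017-03-20T10:00:03 198.51.100.7 user user OK
2017-03-20T10:05:00 203.0.113.9 alice s3cret FAIL
2017-03-20T11:30:00 203.0.113.9 alice s3cret2 OK
2017-03-20T12:00:00 192.0.2.44 root root FAIL
"""

def parse(log):
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines rather than crash
        ts, src, user, pw, result = parts
        yield datetime.fromisoformat(ts), src, user, pw, result == "OK"

def detect(log, window=timedelta(seconds=60), threshold=3):
    """Return {source_ip: verdict} for sources that tried default credentials."""
    events = defaultdict(list)
    for ts, src, user, pw, ok in parse(log):
        events[src].append((ts, (user, pw) in DEFAULT_CREDS, ok))
    verdicts = {}
    for src, evs in events.items():
        default_hits = sorted(e for e in evs if e[1])
        if not default_hits:
            continue  # ordinary logins with non-default credentials
        # Burst: at least `threshold` default-credential attempts in one window.
        burst = any(
            sum(1 for t, _, _ in default_hits if start <= t < start + window) >= threshold
            for start, _, _ in default_hits
        )
        if any(ok for _, _, ok in default_hits):
            verdicts[src] = "default-credential-login"  # device still has factory login
        elif burst:
            verdicts[src] = "brute-force"
        else:
            verdicts[src] = "probe"
    return verdicts
```

A "default-credential-login" verdict is the one that matters most for remediation: it identifies a device whose factory password was never changed and whose Telnet service is reachable.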

The Malware Bricks the “Smart” Devices

After the initial attack, the two versions “split up”. Both of them issue a set of commands, and even though the commands differ, they have the same goal: to brick your IoT device. This is achieved only a couple of seconds after the hack. Attacks of this kind are known as “phlashing”, or PDoS (Permanent Denial of Service) attacks. The investigation found that just one of the attacked honeypots recorded 1,895 PDoS attempts in only four days.

Experts have stated that BrickerBot.1 attacks are coming from IPs around the world that seem to be assigned to Ubiquiti network devices. On the other hand, the more advanced attacks from BrickerBot.2 are impossible to trace back to the source; all that is known about them is that they are fewer in number and that they hide behind Tor exit nodes.

Are Vigilantes Responsible?

These attacks appear to be different from regular IoT malware attacks, and their goal doesn’t seem to be acquiring money. Since this doesn’t benefit anyone, including the hackers responsible, it’s been speculated that this might be the work of a vigilante who is trying to destroy IoT devices. In October 2015, a similar series of attacks appeared, and back then, the aim was, believe it or not, to improve insecure IoT routers. That malware was called Linux.Wifatch, and its creators posted the code on GitLab.

BrickerBot Is Destroying IoT Devices

That is not the case this time, and BrickerBot’s creator has shown a pretty clear intention to destroy as many IoT devices as possible. Experts have stated that the destruction has no apparent reason except for the sake of it and that this is a very effective, but also very risky move.

There’s A Better Way

The chairman of the GDI.foundation, Victor Gevers, has stated that even though this attack is completely illegal, the message of awareness was received. He invited the creators of the malware to join the company and help secure the devices in a more helpful way.