Beware of ‘BrickerBot’, the Destroyer of Unsecure Internet Devices – Homeland Security

Security firm Radware has spotted a new kind of attack that targets unsecured Internet of Things devices and scrambles their code, rendering them useless. The BrickerBot malware was first found last month after it started hitting Radware's own honeypots, which logged hundreds of infection attempts in just a few days. Whenever the malware connects to a device using its default username and password, which are very easily found on the internet, it corrupts the device's storage and leaves it in a state of permanent denial of service (PDoS). This is usually known as “bricking.”

In other words, this attack “damages a system so bad that it requires a replacement or a reinstallation of the hardware,” said Radware.

It is a novel take on an ongoing security problem with Internet of Things devices: botnets controlled by hackers, like the ever-popular Mirai malware, typically infect unsecured devices, which are then enlisted in wider bandwidth-stealing attacks that bring down websites and services with more internet traffic than they can handle.

Just like the Mirai botnet, which brought down wide swathes of the US internet last year during a massive DDoS attack, BrickerBot uses the “same exploit vector” by brute-forcing telnet accounts with lists of available usernames and passwords.

Radware does not have a list of the internet-connected devices, like toys, webcams, and even smart bulbs, that are at risk of being attacked, but it pointed to several kinds of Linux-based devices that run the BusyBox toolkit, have their telnet port open, and are publicly exposed on the internet.

The researchers said that the malware adds some extra commands “to flush all IP tables firewall and NAT rules and also add a rule to drop all the outgoing packets,” effectively wiping any trace of the infection.
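The firewall tampering described above is something a defender can look for in telnet honeypot or device shell logs. The sketch below is an added example, not code from the article or from Radware: the session data is constructed, the function names are hypothetical, and the `iptables` invocations are one common way to express those actions, assumed here rather than quoted from the malware.

```python
import re
import shlex

# Constructed honeypot data: session id -> shell commands typed after login.
SAMPLE_SESSIONS = {
    "s1": ["busybox", "iptables -F", "iptables -t nat -F",
           "iptables -A OUTPUT -j DROP"],
    "s2": ["uname -a", "iptables -L -n"],            # read-only listing
    "s3": ["/sbin/iptables -t nat -F; iptables -F", "iptables -P OUTPUT DROP"],
}

def classify(command):
    """Return firewall-tampering tags found in one shell command line."""
    tags = set()
    for part in re.split(r"[;&|]+", command):       # handle chained commands
        try:
            argv = shlex.split(part)
        except ValueError:                           # unbalanced quotes
            continue
        if not argv or not argv[0].endswith("iptables"):
            continue
        args = argv[1:]
        table = "filter"                             # iptables default table
        if "-t" in args and args.index("-t") + 1 < len(args):
            table = args[args.index("-t") + 1]
        if "-F" in args or "--flush" in args:
            tags.add("flush_nat" if table == "nat" else "flush_filter")
        # Only an unconditional DROP on OUTPUT counts: any match option
        # (-p, -d, --dport, ...) makes the rule narrower than "all outgoing".
        opts = {a for a in args if a.startswith("-")}
        if {"OUTPUT", "DROP"} <= set(args) and opts <= {"-t", "-A", "-I", "-P", "-j"}:
            tags.add("drop_output")
    return tags

def score_sessions(sessions):
    """Flag sessions that flush rules and also block all outgoing traffic."""
    findings = {}
    for sid, commands in sessions.items():
        tags = set()
        for cmd in commands:
            tags |= classify(cmd)
        if tags & {"flush_filter", "flush_nat"} and "drop_output" in tags:
            findings[sid] = sorted(tags)
    return findings

if __name__ == "__main__":
    for sid, tags in score_sessions(SAMPLE_SESSIONS).items():
        print(sid, tags)
```

A session that only lists rules or drops a single port is not flagged; the combination of a flush with a blanket outbound drop is what marks the behaviour the researchers describe.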
