UPDATED 23:15 EDT / APRIL 09 2017

INFRA

Nasty new bot bricks devices in ‘permanent denial-of-service’ attack

A new form of malicious code that targets Internet of Things devices with a Permanent Denial-of-Service attack may be more harmful than the infamous Mirai botnet.

First discovered by security company Radware Ltd., the PDoS attack bot, dubbed “BrickerBot,” scans the Internet for Linux-based routers, bridges and similar devices. When it finds a compatible device, one using the common BusyBox toolkit with default passwords in place, it launches a brute-force attack via open Telnet ports.

The brute force attack is the same infection path as Mirai. but that’s where the similarities end. BrickerBot doesn’t attempt to hijack the device to spread itself further. Instead, it runs a series of highly debilitating commands that wipe all the files stored on the device, corrupt the device’s storage and kill its Internet connection, quite literally “bricking” the device.

In the space of four days, Radware detected 1,895 infection attempts from BrickerBot on the first honeypot it set up and then 333 attempts on a second honeypot. In the first case, all the attacks came from IP addresses in Argentina while with the latter the attacks come from a anonymous Tor node, making them untraceable.

“When I discovered the first BrickerBot, I thought it was a drastic attempt to stop the IoT Botnet DDoS threat,” Radware researcher Pascal Geenens told Ars Technica. “I thought this was a competitor hacker who wanted to take out his competition and get access to the list of IP [addresses] of bots that were in the competitor’s botnet. But upon discovery of the second BrickerBot this theory changed … What motivates people to randomly destroy things? Anger, maybe? A troll, maybe?”

To block a potential BrickerBot attack, Radware recommends that device owners disable Telnet, change default factory passwords and implement security tools such as intrusion prevention systems that can lock down devices should they be targeted.

Photo: mikecogh/Flickr

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU