Online security experts have discovered a new Mirai-like strain of malware that attacks unsecured IoT devices and bricks them.
Researchers at Radware detected the BrickerBot virus via its honeypot servers. The malware, thought to have been active since March 20, facilitates Permanent-Denial-of-Service (PDoS) attacks; an emerging form of cyber exploitation that Radware claims is becoming increasingly popular this year.
PDoS attacks, also known as “phlashing”, damage devices to the degree that they need to be replaced.
The malware has experts baffled, as it appears to offer no benefit whatsoever to its writers or distributors, and only seems to have been written to destroy the unsecured connected devices it infects.
“The BrickerBot PDoS attack used Telnet brute force – the same exploit vector used by Mirai – to breach a victim’s devices,” Radware explained in a post its website.
“Bricker does not try to download a binary, so Radware does not have a complete list of credentials that were used for the brute force attempt, but were able to record that the first attempted username/password pair was consistently ‘root’/’vizxv’,”
Once successfully installed on a device, BrickerBot performs a number of Linux commands that corrupt storage, disrupt internet connectivity and wipe every file.
Radware advises owners of poorly-secured IoT devices to change their connected products’ default credentials and disable Telnet access on their devices. The security firm also recommends using intrusion prevention systems.
Much like Mirai and other IoT malware, BrickerBot uses a list of known default credentials companies ship their devices with. By attempting a series of username and password combinations, these viruses are able to install themselves on unsecured IoT products.
Most commonly, infected devices are used as part of a botnet to launch DDoS attacks, such as last October’s take down of internet backbone provider Dyn. BrickerBot appears to be different, with the sole purpose of destroying the device it infects.
In an article for Bleeping Computer, Catalin Cimpanu tells readers: “BrickerBot could… be the work of an internet vigilante that wants to destroy insecure IoT devices. A similar malware strain first appeared in October 2015.”
IoT device makers have attracted significant levels of criticism for failing to secure the products they make. Connected devices are often rushed to market as soon as possible to capitalise on the emerging IoT trend, with manufacturers prioritising functionality and price over security.
Experts are worried that the poor security of IoT devices could turn everyday items into potential weapons that have the potential be used by cyber criminals to kill their owners. With connectivity now spreading swiftly to cars and medical devices, some researchers suspect the first IoT murder might not be too far away in the future.
