New Malware Preys on Linux-based IoT Devices with Default Passwords

May 1, 2017  |  By Holly Dragoo

BrickerBot is new malware that preys on Linux-based networked assets that still use factory-default passwords. Those credentials give it remote administrator access, which it uses to conduct “permanent denial-of-service” (PDoS) attacks. BrickerBot is based on malware used in the Mirai botnet, a botnet made up of Internet of Things (IoT) devices designed to conduct massive DDoS attacks, but the motivation behind it is not clear, other than wreaking havoc. A month after the initial discovery and disappearance of BrickerBot.1 and BrickerBot.2, version 3 suddenly appeared, with an increased success rate and speed (roughly 1300 attacks in under 15 hours, according to Radware analysis) and a modified attack script. Once a host is compromised, the malware attempts to corrupt its internal storage and render the device useless, or “bricked.”

IISP Analyst Holly Dragoo: “PDoS attacks are becoming alarmingly more commonplace. With the rise of BrickerBot and the Hajime botnet (similar modus operandi), more gadgets, cameras and non-computing consumer goods are being compromised and lost – permanently. As Bruce Schneier pointed out in October 2016, this surprisingly isn’t enough incentive to make manufacturers build security into their devices; it’s an economic issue. Sellers of IoT devices don’t have the same deep pockets that the computer industry giants do for testing and evaluation, and buyers don’t care or know enough to demand baked-in security to their purchases. This kind of market failure opens the door to government regulation. It’s only a matter of time trusted.”

 

 
