The Internet of Things (IoT) is at the heart of many modern technology devices. Unfortunately, IoT has been the source of significant malware attacks. Months after the Mirai botnet attack surfaced online, BrickerBot has emerged as the latest malware targeting IoT devices.
Once it gains access to connected hardware, BrickerBot can damage the device's storage and kernel parameters. Security research company Radware has detected two versions of the BrickerBot malware on its honeypot servers.
According to security firm Radware, whose honeypot was used to discover the malware, BrickerBot works in a similar fashion to Mirai in that both programs attempt to exploit the tendency of users to neglect to change the factory default username and password combination that ships on IoT devices. The primary difference between the two is that while Mirai aims to take over devices and add them to botnets with the express purpose of conducting DDoS attacks, BrickerBot, as its name implies, simply wants to kill the devices instead. This kind of attack is called Permanent Denial of Service (PDoS), and it’s apparently becoming increasingly popular.
Because both rely on remote access into unsecured devices, BrickerBot and Mirai can most easily be combatted by changing the default username and password and by turning off Telnet remote access wherever possible. Radware notes a few other highly technical responses to BrickerBot that technology staff can use but that are likely beyond the means of the typical smart home customer.
While Mirai is of greater concern on a widespread basis given its ability to impact the entire internet, BrickerBot can cause some serious inconvenience to casual users by leaving their devices dead and unusable.
Radware recommends changing each device’s default credentials, disabling Telnet access and analysing network behavior. You can try user/entity behavior analysis methods to spot granular anomalies in the traffic.
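One way to apply the behavior-analysis recommendation to Telnet traffic, as an added example that does not come from Radware or the original article: it compares each device's inbound Telnet sessions against a baseline of its usual management hosts and flags sources that touch many devices in a short window. The flow-record format, the baseline map, the thresholds and all addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

TELNET_PORT = 23

# Constructed sample flow records: (epoch_seconds, src_ip, dst_ip, dst_port).
# Addresses come from private/documentation ranges, not from the article.
SAMPLE_FLOWS = [
    (1000, "10.0.0.5", "10.0.1.20", 23),     # usual admin host
    (1005, "10.0.0.5", "10.0.1.20", 443),    # not Telnet, ignored
    (1010, "203.0.113.7", "10.0.1.20", 23),
    (1012, "203.0.113.7", "10.0.1.21", 23),
    (1015, "203.0.113.7", "10.0.1.22", 23),
    (1020, "203.0.113.7", "10.0.1.20", 23),
    (1400, "198.51.100.9", "10.0.1.21", 23),
]

# Assumed baseline: device IP -> sources that normally manage it over Telnet.
SAMPLE_BASELINE = {"10.0.1.20": {"10.0.0.5"}}


def telnet_anomalies(flows, baseline, window=60, max_devices=2):
    """Return {src_ip: set of reasons} for Telnet traffic that departs from baseline.

    "unexpected-source": the source is not a known manager of the device.
    "telnet-sweep": the source reached more than max_devices distinct
    devices on TCP/23 within `window` seconds.
    """
    findings = defaultdict(set)
    recent = defaultdict(list)  # src -> [(ts, dst)] Telnet contacts in window
    for ts, src, dst, port in sorted(flows):
        if port != TELNET_PORT:
            continue
        if src not in baseline.get(dst, set()):
            findings[src].add("unexpected-source")
        # Drop this source's contacts that fell out of the sliding window.
        recent[src] = [(t, d) for t, d in recent[src] if ts - t <= window]
        recent[src].append((ts, dst))
        if len({d for _, d in recent[src]}) > max_devices:
            findings[src].add("telnet-sweep")
    return dict(findings)


if __name__ == "__main__":
    for src, reasons in telnet_anomalies(SAMPLE_FLOWS, SAMPLE_BASELINE).items():
        print(src, sorted(reasons))
```

On devices where Telnet has been disabled as recommended, the baseline for that device is empty, so any Telnet session toward it is reported.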