BrickerBot Malware “Bricks” Open IoT Devices

BrickerBot turns your IoT device into a handy paperweight.

So far, consumers and tech experts alike have a love hate relationship with Internet of Things-connected devices (IoT). On the one hand, there are exciting innovations that have added convenience and security to our daily lives. At the same time, however, the recent wave of attacks to vulnerable IoT devices has left a lot of people wondering just how much risk is really involved.

BrickerBot gains access via open port vulnerabilities.

The wave of DDoS attacks that struck last fall were just a large-scale precursor that made a lot of users sit up and take notice. Unfortunately, it didn’t result in immediate action to creating stricter protocols. There have now been reports of university networks that were disabled thanks to IoT hacking, and even medical implants that have wide open security holes that hackers can potentially exploit.

Paperweight

Now, a newly discovered malware that targets IoT devices is making headlines. As its name implies, BrickerBot turns your IoT device into a handy paperweight, thanks to open port vulnerabilities that allow it access. There have been two versions detected already since the attacks were discovered March 20th, and both seem to target devices powered via Linux BusyBot.

Brute force

According to BleepingComputer, “In the first stages of the attacks, both strains work in a similar way, by attempting a dictionary brute-force attack on devices with Telnet ports left open on the Internet. Just like Mirai, Hajime, LuaBot, and other IoT malware, BrickerBot uses a list of known default credentials used for various IoT devices. If device owners failed to change their default credentials, BrickerBot logs in and performs a series of Linux commands.”

Pointless

So what’s behind the attack? Pure, unadulterated “jerkhood.” According to a security alert first issued about BrickerBot by Radware, the goal is not even a ransomware effort where the owner can undo it for a fee. Nope, this simply installs a permanent DDoS mode that “bricks” the device, either for the sheer joy of it or to send a message about the long-ignored vulnerability of the entire marketplace.

Keep you IoT device as secure as possible – download the latest security software now, all for free, right here on FileHippo.