Sunday 16 April 2017

BrickerBot - Batman of IoT

There's a new kind of computer malware on the block. It doesn't want to spy on you or hold your data for ransom. Instead, it wants to corrupt and destroy your computer hardware. And it's called BrickerBot - Permanent Denial of Service (PDoS).

Now what is BrickerBot?
BrickerBot is a type of malware (malicious software) that was discovered by a researcher at the cyber-security company Radware. BrickerBot works in a similar fashion to Mirai: both programs try to exploit users' tendency to leave unchanged the factory-default username and password combination that ships on IoT devices.

BrickerBot, as its name implies, simply wants to exploit hard-coded passwords in IoT devices and kill them, causing a permanent denial of service: it overwrites the software or damages the hardware in such a way that the device cannot be recovered without experts performing recovery on it. Without a doubt, this kind of attack is becoming increasingly popular nowadays. The honeypot recorded 1,895 PDoS (Permanent Denial of Service) attempts by BrickerBot from several locations around the world over four days.

This malware tries to make your devices about as useful as a brick, hence the name BrickerBot. The attacks were first identified last month and are still going on.

Devices vulnerable to this type of attack?
BrickerBot seems to be going after a number of different IoT devices that are directly connected to the internet, meaning they have publicly reachable IP addresses. It also seems to target devices that run embedded versions of Linux, such as routers, IP cameras and digital video recorders.

Let's look at its details more in depth:
This bot attack is designed to render a connected device useless by leaving it in a PDoS, or "bricked", state. BrickerBot.1 and BrickerBot.2 exploit hard-coded passwords and brute-force Telnet or an exposed SSH service on port 22. According to open source reporting, the following details regarding BrickerBot.1 and BrickerBot.2 are available:
  • BrickerBot.1 targets devices running BusyBox with an exposed SSH service and an older version of the Dropbear SSH server. Most of these devices were also identified as Ubiquiti network devices, some of which are access points or bridges with beam directivity.
  • BrickerBot.2 targets Linux-based devices which may or may not run BusyBox or use the Dropbear SSH server. However, BrickerBot.2 can only access devices which expose a Telnet service protected by default or hard-coded passwords.
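Both variants get in by guessing default credentials over SSH or Telnet, so the earliest sign on a device is a burst of failed logins followed by a success from the same address. The following is an added example (not from the original post or from Radware) that flags exactly that pattern in Dropbear-style auth messages; the log lines are constructed, and the message formats ("Bad password attempt for ... from ...", "Password auth succeeded for ... from ...") are assumed to match Dropbear's syslog output.

```python
import re
from collections import defaultdict

# Constructed sample of syslog lines from a BusyBox/Dropbear device (assumed format).
SAMPLE_LOG = """\
Apr 16 03:12:01 cam1 dropbear[812]: Child connection from 198.51.100.7:40122
Apr 16 03:12:02 cam1 dropbear[812]: Bad password attempt for 'root' from 198.51.100.7:40122
Apr 16 03:12:03 cam1 dropbear[813]: Bad password attempt for 'admin' from 198.51.100.7:40130
Apr 16 03:12:04 cam1 dropbear[814]: Bad password attempt for 'root' from 198.51.100.7:40141
Apr 16 03:12:05 cam1 dropbear[815]: Password auth succeeded for 'root' from 198.51.100.7:40150
Apr 16 03:15:00 cam1 dropbear[820]: Password auth succeeded for 'ops' from 192.0.2.10:51000
"""

# Patterns for the two Dropbear messages we care about (assumed message wording).
FAIL_RE = re.compile(
    r"dropbear\[\d+\]: Bad password attempt for '(?P<user>[^']+)' from (?P<ip>[\d.]+):\d+")
OK_RE = re.compile(
    r"dropbear\[\d+\]: Password auth succeeded for '(?P<user>[^']+)' from (?P<ip>[\d.]+):\d+")


def analyse(log_text, threshold=3):
    """Return findings as tuples.

    ("brute_force", ip)                  once an IP reaches `threshold` failures
    ("success_after_failures", ip, user) when a login succeeds from an IP that
                                         already had failed attempts
    """
    failures = defaultdict(int)
    findings = []
    for line in log_text.splitlines():
        m = FAIL_RE.search(line)
        if m:
            failures[m["ip"]] += 1
            if failures[m["ip"]] == threshold:  # report each source only once
                findings.append(("brute_force", m["ip"]))
            continue
        m = OK_RE.search(line)
        if m and failures[m["ip"]] > 0:
            # A success after failures is the credential-guessing signature,
            # and the point at which a bricking payload would be delivered.
            findings.append(("success_after_failures", m["ip"], m["user"]))
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_LOG):
        print(finding)
```

The legitimate login from 192.0.2.10 produces no finding because it had no preceding failures; only the guessing source is reported.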
What could be the motive behind designing such a bot to destroy devices?
To be honest, we cannot pin down the main motive behind designing such a thing, but there are a few plausible theories:
  • By building a botnet out of hundreds of thousands or millions of Internet of Things devices, one can sell access to it and gain a better financial return.
  • Alternatively, the author may be someone who is angry or upset at device manufacturers for not fixing security issues as simple as easily guessable or default passwords.
