BrickerBot malware attacks IoT devices with Permanent Denial-of-Service

Mirai who? There’s a new type of malware in town targeting misconfigured IoT devices. BrickerBot, using the same exploit vector as Mirai, corrupts device storage through Linux commands and shuts the devices down in what has been described as a “Permanent Denial-of-Service,” wrote DDoS protection company Radware on their blog.

“The use of the ‘busybox’ command combined with the MTD and MMC special devices means this attack is targeted specifically at Linux/BusyBox-based IoT devices which have their Telnet port open and exposed publically on the Internet. These are matching the devices targeted by Mirai or related IoT botnets,” the blog reads.

The company’s honeypot allegedly detected attempts from two botnets with IPs from around the world, one launching 1,895 PDoS attempts in four days and the second 333 PDoS attempts, but the “location(s) [was/were] concealed by TOR egress nodes.”

The targeted devices are “/dev/mtd (Memory Technology Device – a special device type to match flash characteristics) and /dev/mmc (MultiMediaCard – a special device type that matches memory card standard, a solid-state storage medium).”

The hacked devices exposed port 22 (SSH) and ran an outdated version of the Dropbear SSH Server. Once the device is shut down, the only solution is to replace or reinstall the hardware.

Read the original article here

You may also like


Get in Touch

Hi there, thanks for stopping by. If you need help with anything, just fill in the form below.
Alternatively, you can call us on 02392 984 730