Mirai who? There’s a new type of malware in town targeting misconfigured IoT devices. BrickerBot, using the same exploit vector as Mirai, corrupts device storage through Linux commands and shuts the devices down in what has been described as a “Permanent Denial-of-Service,” wrote DDoS protection company Radware on their blog.
“The use of the ‘busybox’ command combined with the MTD and MMC special devices means this attack is targeted specifically at Linux/BusyBox-based IoT devices which have their Telnet port open and exposed publicly on the Internet. These are matching the devices targeted by Mirai or related IoT botnets,” the blog reads.
The company’s honeypot allegedly detected attempts from two botnets with IPs from around the world, one launching 1,895 PDoS attempts in four days and the second 333 PDoS attempts, but the “location(s) [was/were] concealed by TOR egress nodes.”
The targeted devices are “/dev/mtd (Memory Technology Device – a special device type to match flash characteristics) and /dev/mmc (MultiMediaCard – a special device type that matches memory card standard, a solid-state storage medium).”
The hacked devices exposed port 22 (SSH) and ran an outdated version of the Dropbear SSH Server. Once the device is shut down, the only solution is to replace or reinstall the hardware.
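An exposure check for the two conditions the article names (Telnet reachable from the Internet, and port 22 served by an outdated Dropbear), added here as an example and not taken from Radware or from the article. The scan records, the banner strings and the Dropbear cut-off version are constructed assumptions; replace them with your own inventory data and patch policy.

```python
import re

# Constructed sample scan results (host, port, banner). Addresses come from
# the RFC 5737 documentation ranges; banners are made up for illustration.
SAMPLE_SCAN = [
    ("192.0.2.10", 23, "BusyBox v1.19.4 built-in shell (ash)\r\nlogin: "),
    ("192.0.2.10", 22, "SSH-2.0-dropbear_2014.63"),
    ("192.0.2.20", 22, "SSH-2.0-OpenSSH_9.6"),
    ("198.51.100.7", 22, "SSH-2.0-dropbear_2022.83"),
    ("198.51.100.9", 80, "HTTP/1.1 200 OK"),
]

# Assumption: the article only says "outdated". This cut-off is a policy
# value chosen for the example, not a version named by Radware.
MIN_DROPBEAR = (2020, 79)

DROPBEAR_RE = re.compile(r"^SSH-[\d.]+-dropbear_(\d+)\.(\d+)")


def dropbear_version(banner):
    """Return (major, minor) parsed from a Dropbear SSH banner, else None."""
    m = DROPBEAR_RE.match(banner)
    return (int(m.group(1)), int(m.group(2))) if m else None


def audit(scan, min_dropbear=MIN_DROPBEAR):
    """Map each host to the list of exposure findings recorded for it."""
    findings = {}
    for host, port, banner in scan:
        reasons = []
        if port == 23:
            # Any reachable Telnet service matches the targeting criterion.
            reasons.append("telnet-exposed")
            if "busybox" in banner.lower():
                reasons.append("busybox-shell")
        version = dropbear_version(banner)
        if version is not None and version < min_dropbear:
            reasons.append("dropbear-%d.%d-outdated" % version)
        if reasons:
            findings.setdefault(host, []).extend(reasons)
    return findings


if __name__ == "__main__":
    for host, reasons in sorted(audit(SAMPLE_SCAN).items()):
        print(host, ", ".join(reasons))
```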