The Latest Radware News
Product and Solution Information, Press Releases, Announcements
|Radware Security Research Team Uncovers ‘Brickerbot’ Malware That Destroys Unsecured IoT Devices|
|Posted: Tue Apr 18, 2017 10:55:09 AM|
Exploit Uses Same Attack Vector as Mirai but Adds a Dangerous Twist
Radware® NASDAQ: RDWR), a leading provider of cyber security and application delivery solutions, released new research that revealed the existence of a Permanent Denial of Service (PDoS) malware that destroys unsecured Internet of Things (IoT) devices connected to the internet. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), a part of the U.S. Department of Homeland Security, subsequently issued their own alert, to provide early notice of Radware’s threat findings and identify baseline mitigations for reducing risks to these and other cybersecurity attacks.
The PDoS attempts were first revealed in a recently issued Radware ERT Alert. The attacks are performed remotely using commands that could ultimately corrupt storage, break connectivity and render the device nonfunctional. The attacks specifically target Linux/BusyBox-based IoT devices connected to the internet. The discovered attacks were using the same exploit vector as Mirai, brute forcing their way in through Telnet.
“We coined it ‘BrickerBot’ because instead of enslaving IoT devices, like Mirai does, it attempts to destroy or ‘brick’ them,” said Pascal Geenens, Security Evangelist for EMEA Region for Radware and the researcher that discovered the malware. “Most consumers of such devices might never know they were the victim of malware. Their device would just stop working and the natural inclination is to think its they purchased faulty hardware.”
After Radware released its initial findings, the research team ran real-world tests on IP Cameras that met the target specifications of the attack. After running the BrickerBot malware onto the device, it stopped working completely. Unfortunately, even after performing the factory reset, the camera was not recovered and hence it was effectively bricked.
To learn more about this threat and other threats covered by Radware’s Emergency Response Team please visit: https://security.radware.com/ddos-threats-attacks/threat-advisories-attack-reports/