A New Malware On The Loose
There's a new malware attack on the way, unfortunately, and it's targeting the same type of devices. This time, however, it's blocking them completely, meaning they're being rendered useless and inoperable, intentionally collapsing their services for good.
It's no secret that Internet of Things devices have always been a ripe target for malware, because the way they are designed and managed is flawed at its core. Manufacturers, for instance, create these internet-connected products and sell them commercially, frustratingly often without firm security measures or maintenance in place first. Needless to say, the vulnerabilities of these devices are easy to expose as a result.
What You Need To Know About BrickerBot
Case in point: BrickerBot, the new malware in question. It scours the internet, combing for unsecured databases of default usernames and passwords. If it finds one and successfully logs in, the device goes kaput. The device's connectivity will be disrupted, its processing power will be limited, and its storage will be wiped, leaving it nothing more than a useless hunk of plastic or metal. Researchers call this attack a PDoS, which means "permanent denial of service."
Experts still can't explain why the malware does what it does, although theories and speculation suggest that a vigilante is behind it. There are two known variants of BrickerBot, suffixed by "1" or "2." According to reports, the BrickerBot 2 variant uses Tor to obfuscate the hosts in control of it.
The response to BrickerBot has so far been one of bafflement and perplexity. No one has managed to determine the purpose of the malware. It remains to be seen whether there's an underlying message to the attacks, or if it's simply a case of a crafty hacker wanting to wreak wanton havoc.
Is BrickerBot The Work Of An Activist?
It's being suggested, however, that BrickerBot might actually be a form of activism, one that sees a small pool of bricked IoT devices as a small price to pay to limit the potential impact of a future IoT botnet. Simply put, this theory suggests that the person behind BrickerBot shuts down these vulnerable devices to prevent anything more dangerous from occurring.
Radware, a cybersecurity company, recently observed almost 2,000 PDoS attacks in a span of four days. Most of the devices attacked were in North and South America, though some were also recorded in Europe, Asia, and Africa. Moreover, because BrickerBot is using the Tor network, it could prove difficult to disrupt.
In the meantime, those who want to prevent BrickerBot from affecting their IoT devices can take these easy measures: change the default password and shut down external access to telnet.
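One way to verify the second measure, as an added example that is not part of the original article: a Python check that connects to the telnet port on devices you own and reports whether anything answers, and whether it greets like a telnet daemon. The inventory addresses are constructed placeholders and the function names are hypothetical; run it from outside your network to test external access.

```python
import socket

IAC = 0xFF  # telnet "Interpret As Command" byte (RFC 854)


def probe_telnet(host, port=23, timeout=2.0):
    """Classify one host:port as 'closed', 'open' or 'telnet'.

    'telnet' means the first bytes the service sent contain an IAC
    option-negotiation byte, which is how most telnet daemons greet a client.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.settimeout(timeout)
            try:
                greeting = sock.recv(64)
            except OSError:
                greeting = b""  # connected, but nothing readable in time
    except OSError:
        return "closed"  # refused, filtered or unreachable
    return "telnet" if IAC in greeting else "open"


def audit(inventory, timeout=2.0):
    """Return {(host, port): state} for every entry that accepted a connection."""
    findings = {}
    for host, port in inventory:
        state = probe_telnet(host, port, timeout)
        if state != "closed":
            findings[(host, port)] = state
    return findings


if __name__ == "__main__":
    # Constructed inventory (documentation address range); replace with
    # the addresses of devices you own.
    INVENTORY = [("192.0.2.10", 23), ("192.0.2.11", 23)]
    exposed = audit(INVENTORY, timeout=1.0)
    for (host, port), state in exposed.items():
        print(f"{host}:{port} reachable ({state}): block it or disable telnet")
    if not exposed:
        print("no telnet exposure found in inventory")
```

A result of "telnet" or "open" on port 23 from an outside vantage point means the device is still reachable the way the article warns about.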
Thoughts about BrickerBot? Have you experienced the malware attacking your IoT device firsthand? Feel free to sound off in the comments section below!