Researchers at security shop Radware have found new malware called BrickerBot that can permanently disable Internet of Things (IoT) devices around the world by corrupting the devices' storage capability.
On March 20, researchers spotted the malware via honeypot servers. It targeted only Linux BusyBox-based IoT devices.
"The Bricker Bot attack used Telnet brute force – the same exploit vector used by Mirai – to breach a victim's devices," Radware's advisory states.
"Bricker does not try to download a binary, so Radware does not have a complete list of credentials that were used for the brute force attempt, but were able to record that the first attempted username/password pair was consistently 'root'/'vizxv.'"
Two different versions of BrickerBot were detected: BrickerBot.1 and BrickerBot.2. The two versions use very different sets of commands, but in the end they both accomplish the same goal. These commands are:
- Writes random bits to the device's storage drives, rendering flash storage useless.
- Disables TCP timestamps (sets net.ipv4.tcp_timestamps=0). Internet connectivity is left intact but hampered.
- Sets the maximum number of kernel threads to one (kernel.threads-max=1). Since this value is usually in the range of tens of thousands, this effectively stops all kernel operations.
- Reboots the device.
After these commands execute, the IoT device stops working within seconds.
For further technical alerts, keep watching the Radware security page.
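As an added illustration (not code from Radware or the original article), the following Python sketch scans honeypot Telnet session records for the behaviours listed above: the first-attempt 'root'/'vizxv' login, the two kernel settings with the values named, and a reboot. The log format, session ids and function names are assumptions, and the storage-overwrite step is left out because the article does not give its command form.

```python
import re

# Kernel settings the article lists, with the values BrickerBot sets.
TAMPERED = {"net.ipv4.tcp_timestamps": "0", "kernel.threads-max": "1"}
FIRST_LOGIN = ("root", "vizxv")  # first credential pair Radware recorded

# "sysctl [-w] key=value", and the same write via "echo value > /proc/sys/a/b"
SYSCTL_RE = re.compile(r"\bsysctl\s+(?:-w\s+)?([\w.-]+)\s*=\s*([^\s;&|]+)")
PROCFS_RE = re.compile(r"\becho\s+(\S+)\s*>\s*/proc/sys/([\w/-]+)")
REBOOT_RE = re.compile(r"(?:^|[;&|]\s*)(?:\S*/)?(?:busybox\s+)?reboot\b")

# Constructed sample: "<session> <login|cmd> <data>" (assumed log format).
SAMPLE_LOG = """\
s1 login root vizxv
s1 cmd sysctl -w net.ipv4.tcp_timestamps=0
s1 cmd echo 1 > /proc/sys/kernel/threads-max
s1 cmd reboot
s2 login admin admin
s2 login root vizxv
s2 cmd sysctl -w net.ipv4.tcp_timestamps=1
s3 login root vizxv
s3 cmd busybox uptime; reboot
"""

def score_sessions(log_text):
    """Map each session id to the sorted indicators seen in it."""
    hits, logged_in = {}, set()
    for line in log_text.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 3:
            continue  # skip blank or truncated records
        sid, kind, rest = parts
        found = hits.setdefault(sid, set())
        if kind == "login":
            # Only the first attempt counts, matching Radware's observation.
            if sid not in logged_in and tuple(rest.split(None, 1)) == FIRST_LOGIN:
                found.add("first-login:root/vizxv")
            logged_in.add(sid)
        elif kind == "cmd":
            settings = SYSCTL_RE.findall(rest)
            settings += [(p.replace("/", "."), v) for v, p in PROCFS_RE.findall(rest)]
            for key, value in settings:
                if TAMPERED.get(key) == value:
                    found.add(f"sysctl:{key}={value}")
            if REBOOT_RE.search(rest):
                found.add("reboot")
    return {sid: sorted(found) for sid, found in hits.items()}

def flag_bricker_like(log_text):
    """Sessions that set a listed kernel value and also reboot."""
    scores = score_sessions(log_text)
    return sorted(s for s, f in scores.items()
                  if "reboot" in f and any(i.startswith("sysctl:") for i in f))
```

Requiring a tampered setting together with a reboot keeps a lone `reboot` or a harmless `sysctl` change (sessions s3 and s2 in the sample) from being flagged.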