My company's network integrates with internet of things (IoT) devices. I heard about BrickerBot permanently damaging some IoT devices after a denial-of-service attack. What can be done to avoid BrickerBot?
Like Mirai, Hajime and other IoT malware, BrickerBot uses a list of known default factory credentials to access Linux-based IoT devices that may run BusyBox, which is a free tool set of Unix utilities for Linux. If device owners forget to change default credentials, BrickerBot logs in and performs destructive attacks against the infected IoT devices.
Radware's Emergency Response Team discovered BrickerBot when the malware began pinging a Radware honeypot. The team members found the malware is similar to Mirai, but with a difference. BrickerBot doesn't actively scan the internet for new victims, like Mirai does. Instead, it looks for devices that have been infected. The objective of the vigilante malware is to permanently disable IoT devices infected with Mirai so that the devices can't be used as part of a botnet.
BrickerBot listens for open port 23 (telnet) and port 7457 for scans from IoT devices infected by other IoT malware. The Telnet port exposes the factory default username and password. These ports enable BrickerBot to launch a permanent denial-of-service attack against the infected devices. The malware uses a series of Linux commands to corrupt the storage, followed by commands to disrupt internet connectivity.
The administrator is prevented from using the ports to send patches. Ports to the affected devices are blocked, and a factory reset doesn't salvage the damaged devices. Rebooting also fails to revive the devices, so the devices are bricked. They are rendered useless and need to be replaced and reinstalled.
The four versions of BrickerBot operate independently of one another without a need for command-and-control servers. The sequence of commands each version uses to perform its destructive act is slightly different.
The best way of avoiding BrickerBot is to change default credentials and disable the Telnet port. Organizations should also take the damaged device offline, replace or reinstall hardware, update devices with the latest firmware, and back up files for restoration on new hardware.
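As an added example (not from the original article or from Radware), the following shell check lets a defender confirm on a Linux/BusyBox device that nothing is listening on the two ports the answer names, 23 and 7457. The function names and the sample socket table are constructed for illustration, and the column layout assumed is that of `/proc/net/tcp`.

```shell
#!/bin/sh
# Added example: report whether TCP 23 (telnet) or TCP 7457 is in LISTEN state.
# It reads the kernel socket table directly, so it also works on BusyBox
# builds that ship without netstat or ss.

# audit_listeners [FILE]   (hypothetical helper name)
# FILE defaults to /proc/net/tcp; pass "-" to read a saved table from stdin.
# Columns: sl local_address rem_address st ...
# The port is the hex value after the last colon; st 0A means LISTEN.
audit_listeners() {
    awk '
        NR > 1 && $4 == "0A" {
            n = split($2, a, ":")
            port = toupper(a[n])
            if (port == "0017")      print "EXPOSED telnet 23"
            else if (port == "1D21") print "EXPOSED tcp 7457"
        }
    ' "${1:-/proc/net/tcp}"
}

# Constructed sample table (not captured from a real device):
#   rows 0-1: listeners on 23 and 7457 (should be reported)
#   row 2:    listener on 22 (ignored)
#   row 3:    established outbound connection to a remote port 23 (ignored,
#             because only local listening sockets matter here)
sample_table() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201
   1: 00000000:1D21 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1202
   2: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1203
   3: 0A00000A:C350 0A000001:0017 01 00000000:00000000 00:00000000 00000000     0        0 1204
EOF
}

# Demonstration on the constructed table; on a device, call audit_listeners
# with no argument to read the live /proc/net/tcp.
sample_table | audit_listeners -
```

Run it against `/proc/net/tcp6` as well, since a telnet daemon bound to the IPv6 wildcard address appears only there. No output means neither port is listening.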
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)