My company's network integrates with internet of things (IoT) devices. I heard about BrickerBot permanently damaging some IoT devices after a denial-of-service attack. What can be done to avoid BrickerBot?
Like Mirai, Hajime and other IoT malware, BrickerBot uses a list of known default factory credentials to access Linux-based IoT devices that may run BusyBox, which is a free tool set of Unix utilities for Linux. If device owners forget to change default credentials, BrickerBot logs in and performs destructive attacks against the infected IoT devices.
Radware's Emergency Response Team discovered BrickerBot when the malware began pinging a Radware honeypot. The team members found the malware is similar to Mirai, but with a difference. BrickerBot doesn't actively scan the internet for new victims, like Mirai does. Instead, it looks for devices that have been infected. The objective of the vigilante malware is to permanently disable IoT devices infected with Mirai so that the devices can't be used as part of a botnet.
BrickerBot listens for open port 23 (Telnet) and port 7457 for scans from IoT devices infected by other IoT malware. The Telnet port exposes the factory default username and password. These ports enable BrickerBot to launch a permanent denial-of-service attack against the infected devices. The malware uses a series of Linux commands to corrupt the storage, followed by commands to disrupt internet connectivity.
The administrator is prevented from using the ports to send patches. Ports to the affected devices are blocked, and a factory reset doesn't salvage the damaged devices. Rebooting also fails to revive the devices, so the devices are bricked. They are rendered useless and need to be replaced and reinstalled.
The four versions of BrickerBot operate independently of one another without a need for command-and-control servers. Each version uses a slightly different sequence of commands to perform its destructive act.
The best way of avoiding BrickerBot is to change default credentials and disable the Telnet port. Organizations should also take the damaged device offline, replace or reinstall hardware, update devices with the latest firmware, and back up files for restoration on new hardware.
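One way to confirm on a Linux-based device that Telnet is really disabled, as an added example that is not part of the original answer: the script reads the kernel socket table in `/proc/net/tcp` format and reports listeners on the two ports named above. The function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): find listeners on the ports the
# article names by reading the kernel socket table directly, since stripped
# BusyBox builds may lack netstat or ss (assumption).

WATCH_PORTS="23 7457"   # Telnet and 7457, as named in the article

# Print the decimal port of each socket in LISTEN state (st field == 0A).
# $1: file in /proc/net/tcp format, or "-" for stdin (default: /proc/net/tcp)
listening_ports() {
    awk 'FNR > 1 && $4 == "0A" { split($2, a, ":"); print a[2] }' \
        "${1:-/proc/net/tcp}" |
    while read -r hexport; do
        echo "$((0x$hexport))"      # the local port is stored as hex
    done | sort -un
}

# Print watched ports that are listening; return 1 if any is found.
exposed_ports() {
    found=""
    for p in $(listening_ports "${1:-/proc/net/tcp}"); do
        for w in $WATCH_PORTS; do
            if [ "$p" = "$w" ]; then found="$found $p"; fi
        done
    done
    if [ -n "$found" ]; then
        echo "${found# }"
        return 1
    fi
    return 0
}

# Constructed sample table: Telnet (0x0017) and HTTP (0x0050) listening,
# port 7457 (0x1D21) present only as an established connection (st 01).
sample_table() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201 1
   1: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1202 1
   2: 0100007F:1D21 0100007F:C350 01 00000000:00000000 00:00000000 00000000     0        0 1203 1
EOF
}
```

Running `exposed_ports` with no argument checks the live IPv4 table on the device; pass `/proc/net/tcp6` as the argument to check IPv6 listeners as well.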
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)