
How does BrickerBot threaten enterprise IoT devices?

BrickerBot is similar to other IoT malware like Mirai, Hajime and others. Expert Judith Myerson explains what makes BrickerBot different, and what can be done to defend against it.

My company's network integrates with internet of things (IoT) devices. I heard about BrickerBot permanently damaging some IoT devices after a denial-of-service attack. What can be done to avoid BrickerBot?

Like Mirai, Hajime and other IoT malware, BrickerBot uses a list of known default factory credentials to access Linux-based IoT devices that may run BusyBox, which is a free tool set of Unix utilities for Linux. If device owners forget to change default credentials, BrickerBot logs in and performs destructive attacks against the infected IoT devices.

Radware's Emergency Response Team discovered BrickerBot when the malware began pinging a Radware honeypot. The team members found the malware is similar to Mirai, but with a difference. BrickerBot doesn't actively scan the internet for new victims, like Mirai does. Instead, it looks for devices that have been infected. The objective of the vigilante malware is to permanently disable IoT devices infected with Mirai so that the devices can't be used as part of a botnet.

BrickerBot listens for open port 23 (Telnet) and port 7457 for scans from IoT devices infected by other IoT malware. The Telnet port exposes the factory default username and password. These ports enable BrickerBot to launch a permanent denial-of-service attack against the infected devices. The malware uses a series of Linux commands to corrupt the storage, followed by commands to disrupt internet connectivity.

The administrator is prevented from using the ports to send patches. Ports to the affected devices are blocked, and a factory reset doesn't salvage the damaged devices. Rebooting also fails to revive the devices, so the devices are bricked. They are rendered useless and need to be replaced and reinstalled.

The four versions of BrickerBot operate independently of one another without a need for command-and-control servers. Each version uses a slightly different sequence of commands to carry out its destructive act.

The best way of avoiding BrickerBot is to change default credentials and disable the Telnet port. Organizations should also take the damaged device offline, replace or reinstall hardware, update devices with the latest firmware, and back up files for restoration on new hardware.
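One way to verify the Telnet part of this advice on a Linux-based device, as an added example that is not from the original article: the Python below parses a saved copy of `/proc/net/tcp` and reports sockets still listening on the two ports the article names. The sample snapshot is constructed, and the function names and the little-endian default are assumptions of this example.

```python
import socket
import struct

# The two ports the article names: 23 (Telnet) and 7457.
WATCHED_PORTS = {23: "telnet", 7457: "port 7457"}
TCP_LISTEN = "0A"  # socket state code for LISTEN in /proc/net/tcp

# Constructed sample of /proc/net/tcp from a little-endian Linux device.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201 1
   1: 0100007F:1D21 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1202 1
   2: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1203 1
   3: 0A01A8C0:0017 0501A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 1204 1
"""


def decode_ipv4(hex_addr, byteorder="little"):
    """Turn the kernel's 8-hex-digit address into dotted-quad form.

    The kernel prints the address in host byte order, so a big-endian
    device (common for MIPS routers) needs byteorder="big".
    """
    fmt = "<I" if byteorder == "little" else ">I"
    return socket.inet_ntoa(struct.pack(fmt, int(hex_addr, 16)))


def find_exposed_listeners(proc_net_tcp, byteorder="little"):
    """Return one finding per LISTEN socket bound to a watched port."""
    findings = []
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue  # established or closing connections are not listeners
        hex_addr, hex_port = fields[1].split(":")
        port = int(hex_port, 16)
        if port not in WATCHED_PORTS:
            continue
        addr = decode_ipv4(hex_addr, byteorder)
        findings.append({
            "port": port,
            "service": WATCHED_PORTS[port],
            "bind": addr,
            # A loopback-only listener is not reachable from the network.
            "network_reachable": not addr.startswith("127."),
        })
    return findings


if __name__ == "__main__":
    for finding in find_exposed_listeners(SAMPLE):
        print(finding)
```

An empty result for a device means neither port has a listener; any finding with `network_reachable` set to true is a device where Telnet still needs to be disabled.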


This was last published in September 2017
