Homeland Security Warns of ‘BrickerBot’ Malware Infecting IoT

A new kind of attack is targeting unsecured Internet of Things devices by scrambling their software and rendering them useless.

Security firm Radware first spotted the newly-found "BrickerBot" malware last month after it started hitting its own devices, logging hundreds of infection attempts over a few days. When the malware connects to a device with their default usernames and passwords – often easily found on the internet – the malware corrupts the device's storage, leading to a state of permanent denial-of-service (PDoS) attack, known as "bricking."

In other words, this attack, "damages a system so badly that it requires replacement or reinstallation of hardware," said Radware.

Like the Mirai botnet, most famous for bringing down wide swathes of the US internet last year in a massive distributed denial-of-service (DDoS) attack, the BrickerBot also uses "the same exploit vector" by brute-forcing telnet accounts with lists of available usernames and passwords.

The researchers say that the attackers also have an affinity for targeting devices on Ubiquiti networks. Once inside, the malware runs a sequence of commands, which "try to remove the default gateway and disable TCP timestamps as well as limiting the max number of kernel threads to one," which would scramble the device's memory.

"Unfortunately, even after performing the factory reset, the camera device was not recovered and hence it was effectively bricked," said Radware.

Subscribe to Technology This Week