Windows 10 News and info | Forum
Topic: Homeland Security warns 'BrickerBot' malware destroys unsecured internet devices
javajolt
« on: April 19, 2017, 05:46:36 PM »

Reminiscent of the Mirai botnet that brought down large swathes of the US internet last year, this new malware targets poorly-secured Internet of Things devices and renders them useless.

A new kind of attack is targeting unsecured Internet of Things devices by scrambling their code and rendering them useless.

Security firm Radware first spotted the newly-found "BrickerBot" malware last month after it started hitting its own honeypots, logging hundreds of infection attempts over a few days. When the malware connects to a device with its default usernames and passwords -- often easily found on the internet -- the malware corrupts the device's storage, leading to a state of permanent denial-of-service (PDoS) attack, known as "bricking."

In other words, this attack "damages a system so badly that it requires replacement or reinstallation of hardware," said Radware.

It's a novel take on an ongoing security problem with Internet of Things devices: botnets controlled by hackers, like the Mirai malware, typically infect unsecured devices that are enlisted as part of wider bandwidth-stealing attacks to bring down websites and services by overwhelming them with internet traffic.

Like the Mirai botnet, most famous for bringing down wide swathes of the US internet last year in a massive distributed denial-of-service (DDoS) attack, the BrickerBot also uses "the same exploit vector" by brute-forcing telnet accounts with lists of available usernames and passwords.

Radware doesn't have a list of internet-connected devices, like webcams, toys, and even smart bulbs, at risk of being attacked, but pointed to several kinds of Linux-based devices that run the BusyBox toolkit that have their telnet port open, and are exposed publicly on the internet.

The researchers say that the attackers also have an affinity for targeting devices on Ubiquiti networks, which have been targeted by attackers before.

Once inside, the malware runs a sequence of commands, which "try to remove the default gateway, wipe the device through rm -rf /* and disable TCP timestamps as well as limiting the max number of kernel threads to one," which would scramble the device's memory.

The researchers also say that the malware adds extra commands "to flush all iptables firewall and NAT rules and add a rule to drop all outgoing packets," effectively wiping any trace of its infection.

"Unfortunately, even after performing the factory reset, the camera was not recovered and hence it was effectively bricked," said Radware.



And, because the device-bricking bot conceals its location through the Tor anonymity network, there's no way to know where the attack came from, the researchers said.

The emergence of BrickerBot has prompted Homeland Security's Cyber Emergency Response Team (CERT) to issue an updated warning, noting that "no information is available at this time about the type and number of devices used in performing these attacks."

"Control systems often have Internet accessible devices installed without the owner's knowledge, putting those systems at increased risk of attack," said the advisory.

The researchers say that a device search could point to at least 21 million devices at risk, but the motivations for this new attack aren't known.

Homeland Security suggests changing a device's default credentials and disabling telnet.

Source: ZDNet
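Added example, not part of the original post or of Radware's report: detection logic that flags a telnet honeypot session when it shows several of the behaviours quoted in the article. The log format, the function name and the command patterns are assumptions (common Linux spellings of those behaviours); only `rm -rf /*` is quoted on the page.

```python
import re
from collections import defaultdict

# Assumed patterns: common Linux/BusyBox spellings of the behaviours quoted
# in the article. Only "rm -rf /*" appears verbatim on the page.
BEHAVIOURS = {
    "remove_default_gateway": re.compile(r"\b(?:ip\s+)?route\s+del(?:ete)?\s+default\b"),
    "wipe_filesystem": re.compile(r"\brm\s+-(?:rf|fr)\s+/\*"),
    "disable_tcp_timestamps": re.compile(r"tcp_timestamps\s*=\s*0\b"),
    "limit_kernel_threads": re.compile(r"threads-max\s*=\s*1\b"),
    "flush_iptables": re.compile(r"\biptables\s+(?:-t\s+nat\s+)?(?:-F|--flush)\b"),
    "drop_all_outgoing": re.compile(r"\biptables\s+-[AI]\s+OUTPUT\s+-j\s+DROP\b"),
}

# Assumed honeypot log format: "<timestamp> session=<id> src=<ip> cmd=<command>"
LINE = re.compile(r"^\S+ session=(?P<sid>\S+) src=\S+ cmd=(?P<cmd>.*)$")

def classify_sessions(lines, threshold=3):
    """Return {session_id: sorted behaviours} for sessions showing at least
    `threshold` distinct behaviours. One match alone (e.g. an admin flushing
    iptables) is not enough to flag a session."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # skip lines that are not command records
        for name, pattern in BEHAVIOURS.items():
            if pattern.search(m["cmd"]):
                seen[m["sid"]].add(name)
    return {sid: sorted(hits) for sid, hits in seen.items() if len(hits) >= threshold}

# Constructed sample log (documentation IP ranges), not captured traffic.
SAMPLE_LOG = """\
2017-04-19T10:00:01Z session=a1 src=192.0.2.10 cmd=busybox cat /proc/mounts
2017-04-19T10:00:02Z session=a1 src=192.0.2.10 cmd=route del default
2017-04-19T10:00:03Z session=a1 src=192.0.2.10 cmd=rm -rf /*
2017-04-19T10:00:04Z session=a1 src=192.0.2.10 cmd=sysctl -w net.ipv4.tcp_timestamps=0
2017-04-19T10:00:05Z session=a1 src=192.0.2.10 cmd=sysctl -w kernel.threads-max=1
2017-04-19T10:00:06Z session=a1 src=192.0.2.10 cmd=iptables -t nat -F
2017-04-19T10:00:07Z session=a1 src=192.0.2.10 cmd=iptables -A OUTPUT -j DROP
2017-04-19T11:30:00Z session=b2 src=198.51.100.7 cmd=iptables -F
2017-04-19T11:30:05Z session=b2 src=198.51.100.7 cmd=iptables -A INPUT -p tcp --dport 23 -j DROP
""".splitlines()

if __name__ == "__main__":
    for sid, hits in classify_sessions(SAMPLE_LOG).items():
        print(f"session {sid}: PDoS-like command sequence: {', '.join(hits)}")
```

Session `b2` in the sample is an administrator flushing rules and blocking inbound telnet; it matches one behaviour only and stays below the default threshold.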