A malware family first identified late last month has already rendered millions of Internet-connected devices useless, according to its author.
The BrickerBot malware is aimed at disabling devices that are vulnerable to infection by botnets such as Mirai, which draws on their computing power to launch denial-of-service attacks.
Like Mirai, BrickerBot attacks devices such as routers and security cameras that run a stripped-down set of Unix tools called BusyBox, have a telnet-based interface exposed to the public Internet, and use factory-default security credentials.
Researchers say BrickerBot overwrites vulnerable devices’ memory with random data in such a way that in some cases they can’t be recovered even via a factory reset.
BrickerBot first attempts to secure devices without damaging them, said the individual, known only by the pseudonym “Janit0r” used in a few posts on the notorious Hack Forums website.
“The bricking behavior is a ‘plan B’… for units which are unlikely to be securable,” Janit0r told technology news website Bleeping Computer.
The BrickerBot family had disabled about 200,000 devices as of January, rising to more than 2 million in late April, Janit0r said.
“Now when the count is over two million it’s clear that I had no idea (and still have no idea) how deep the rabbit hole of IoT insecurity is,” the hacker wrote. “I’m certain that the worst is still ahead of us.”
Janit0r said the code, like the Hajime malware family that surfaced last October, is intended as a kind of “chemotherapy” to help manage the immediate threat posed by vulnerable Internet-connected devices.
“I hope the unconventional actions by ‘BrickerBot’ have helped in buying another year of time for governments, vendors and the industry in general to get the current IoT security nightmare under control,” Janit0r wrote.
The firm said it couldn’t verify Janit0r’s claims of the number of devices affected so far, but said the attacks appear likely to continue for the time being.
“BrickerBot.3 poses a clear and present danger for any IoT device with factory default credentials,” Radware said in an advisory.
The company said users of vulnerable devices should change their factory-default login credentials and to disable telnet access.
An earlier Radware alert on BrickerBot spurred similar advice in an advisory earlier this month from the US Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).
Do you know all about security in 2017? Try our quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…