The Merkle

What is BrickerBot?

It was only a matter of time until a new type of malware would target Internet of Things devices. BrickerBot, as this new threat is called, is capable of effectively bricking IoT devices by corrupting the device’s storage capability. This development once again highlights how IoT security remains a very problem that needs to be addressed sooner rather than later.

BrickerBot is A Very Real Problem

Although the Internet of Things is one of the most significant technological developments to look forward to, it continues to pose a lot of security challenges. The Mirai botnet illustrated how hackers can easily gain backdoor access to IoT devices. Once they take over the victim’s machine, it is used to perform large-scale denial-of-service attacks.

To make matters even worse, there is now a new type of malware going by the name of Brickerbot. As the name suggests, this is a very malicious toolkit capable of “bricking” Internet of Things devices. Whenever  a device is “bricked’ it means it can no longer be used. In some cases, bricked devices can be reset to their factory settings, although there is a very real chance the device will never be operational again.

BrickerBot is capable of causing a lot of destruction once criminals distribute the malware on a large scale. This particular toolkit effectively corrupts IoT device’s storage capability and reconfigures their kernel parameters. For the time being, it appears criminals are targeting Linux BusyBox-based IOT devices, although that situation may come to change. Cybercriminals often take existing malware and add “improvements” to make them more versatile as time progresses.

What is more troublesome, however, is how BricketBot uses a list of default credentials for most IoT devices. Despite numerous malware-based attacks against these devices in the past, the credentials are still valid to this very day. This leaves an unknown number of Linux BusyBox IoT devices vulnerable to attack. Device owners are – once again – urged to change the default credentials as soon as possible to avoid having to deal with bricked devices.

It appears there are two different BrickerBot malware variants in circulation right now. BricketBot.1 targets Ubiquity network devices running an older version of the DropBear SSH server software. Bricketbot.2, on the other hand, remains somewhat of a mysterious malware strain. We do know attacks originating through this malware originate from behind Tor exit nodes, making them virtually impossible to trace.

It is evident someone – or a specific group of individuals – is looking to brick as many IoT devices as humanly possible. Removing unsecured devices from the Internet of Things ecosystem will make it safer, yet the methods used are very questionable at best. Deliberate destruction of  a device is never a rightful course of action, regardless of the reasoning behind it. Unfortunately, it appears distribution of BricketBot is still in the early stages. It is impossible to tell what will happen in the future, although it seems likely millions of IoT devices are at risk of getting bricked.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.