Cybersecurity firm Radware has discovered a new Permanent Denial-of-Service (PDoS) botnet, designed to render the victim’s hardware useless. Also known as “phlashing,” a PDoS attack can damage a system so badly that it requires replacement or reinstallation of hardware, the company said.
Named BrickerBot, this form of attack is becoming increasingly popular, Ron Winward, Radware security evangelist, said. He announced the discovery at the Data Center World conference taking place this week at the Los Angeles Convention Center.
By exploiting security flaws or bad configurations, PDoS can destroy the firmware and/or basic system functions. It is different from its well-known cousin, the DDoS attack, which overloads systems with requests meant to saturate resources through unintended usage.
“Upon successful access to the device,” said Winward, “the PDoS bot performed a series of Linux commands that would ultimately lead to corrupted storage, followed by commands to disrupt internet connectivity, device performance, and the wiping of all files on the device.”
Over a four-day period, Radware said it recorded 1,895 PDoS attempts performed from several locations around the world. Its sole purpose was to compromise IoT devices and corrupt their storage. Those attacks were stopped the first day the bot was discovered, on March 20. However, BrickerBot 2, spotted the same day, is still active and ongoing.
Similar to the exploit vector used by the Mirai botnet, which last October DDoSed 17 data centers of the DNS provider Dyn, BrickerBot used Telnet brute force to breach victims' devices.
Botnets are not new, but they have evolved to take advantage of the growth of internet usage and of always-connected mobile devices, which opens up many more paths for botnets to spread through and damage computer systems.
Botnets are made up of networks of internet-connected “bots,” sometimes referred to as “zombies,” which are automated processes that execute pre-defined capabilities. A “botmaster” creates a botnet with the malicious intent of controlling a vast number of hosts. Most of the time, the owner of an infected host doesn’t even realize it has been compromised. These global networks are huge, and their widespread distribution makes them one of today's biggest cybersecurity threats.
Radware recommended taking the following precautions on its website:
- Change the device’s factory default credentials
- Disable Telnet access to the device
- Use network behavioral analysis to detect anomalies in traffic and combine with automatic signature generation for protection
- Your intrusion protection systems should block Telnet default credentials or reset Telnet connections. Use a signature to detect the provided command sequences
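As an added, defender-side illustration of the last two recommendations (this is example code, not from the article or from Radware's products), the script below scans Telnet login log lines for two of the indicators they describe: a successful login using factory-default credentials, and a burst of login attempts from one source. The log line format, the list of default credentials and the sample lines are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in an assumed syslog-like telnetd format.
SAMPLE_LOG = """\
2017-03-20T10:00:01 telnetd: login attempt from 203.0.113.7 user=root pass=root result=FAIL
2017-03-20T10:00:02 telnetd: login attempt from 203.0.113.7 user=admin pass=admin result=FAIL
2017-03-20T10:00:03 telnetd: login attempt from 203.0.113.7 user=admin pass=1234 result=FAIL
2017-03-20T10:00:04 telnetd: login attempt from 203.0.113.7 user=root pass=12345 result=SUCCESS
2017-03-20T10:05:00 telnetd: login attempt from 198.51.100.2 user=operator pass=S3cureP@ss result=SUCCESS
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) telnetd: login attempt from (?P<src>\S+) "
    r"user=(?P<user>\S+) pass=(?P<pw>\S+) result=(?P<res>SUCCESS|FAIL)$"
)

# Assumed (constructed) list of factory-default user/password pairs to watch for.
DEFAULT_CREDS = {("root", "root"), ("admin", "admin"), ("admin", "1234"), ("root", "12345")}


def parse(log_text):
    """Parse log lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            e = m.groupdict()
            e["ts"] = datetime.fromisoformat(e["ts"])
            events.append(e)
    return events


def detect(events, threshold=3, window=timedelta(seconds=60)):
    """Return alerts: default-credential logins and per-source login bursts."""
    alerts = []
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)
        # A device that still accepts its factory credentials is the core exposure.
        if e["res"] == "SUCCESS" and (e["user"], e["pw"]) in DEFAULT_CREDS:
            alerts.append(("default-credential-login", e["src"], e["user"]))
    for src, evs in by_src.items():
        evs.sort(key=lambda x: x["ts"])
        for i in range(len(evs)):
            j = i
            while j < len(evs) and evs[j]["ts"] - evs[i]["ts"] <= window:
                j += 1  # extend the sliding window while attempts stay inside it
            if j - i >= threshold:
                alerts.append(("telnet-brute-force", src, j - i))
                break  # one alert per source is enough
    return alerts
```

Running `detect(parse(SAMPLE_LOG))` flags 203.0.113.7 twice (four attempts in three seconds, then a successful root/12345 login) and leaves the operator login from 198.51.100.2 alone.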