A malware family first identified late last month has already rendered millions of Internet-connected devices useless, according to its author.
The BrickerBot malware is aimed at disabling devices that are vulnerable to infection by botnets such as Mirai, which draws on their computing power to launch denial-of-service attacks.
Like Mirai, BrickerBot attacks devices such as routers and security cameras that run a stripped-down set of Unix tools called BusyBox, have a telnet-based interface exposed to the public Internet, and use factory-default security credentials.
Researchers say BrickerBot overwrites vulnerable devices’ memory with random data in such a way that in some cases they can’t be recovered even via a factory reset.
BrickerBot first attempts to secure devices without damaging them, said the individual, known only by the pseudonym “Janit0r” used in a few posts on the notorious Hack Forums website.
“The bricking behavior is a ‘plan B’… for units which are unlikely to be securable,” Janit0r told technology news website Bleeping Computer.
The BrickerBot family had disabled about 200,000 devices as of January, rising to more than 2 million in late April, Janit0r said.
“Now when the count is over two million it’s clear that I had no idea (and still have no idea) how deep the rabbit hole of IoT insecurity is,” the hacker wrote. “I’m certain that the worst is still ahead of us.”
Janit0r said the code, like the Hajime malware family that surfaced last October, is intended as a kind of “chemotherapy” to help manage the immediate threat posed by vulnerable Internet-connected devices.
“I hope the unconventional actions by ‘BrickerBot’ have helped in buying another year of time for governments, vendors and the industry in general to get the current IoT security nightmare under control,” Janit0r wrote.
The firm said it couldn’t verify Janit0r’s claims of the number of devices affected so far, but said the attacks appear likely to continue for the time being.
“BrickerBot.3 poses a clear and present danger for any IoT device with factory default credentials,” Radware said in an advisory.
The company said users of vulnerable devices should change their factory-default login credentials and to disable telnet access.
An earlier Radware alert on BrickerBot spurred similar advice in an advisory earlier this month from the US Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).
Do you know all about security in 2017? Try our quiz!
Thoma Bravo agrees to acquire Darktrace for $5.32 billion in cash, delivering some welcome news…
Customer adoption of AI services embedded in cloud services continues to deliver results for Microsoft,…
TikTok's 'secret source' algorithm is so core to ByteDance, it would rather shut down US…
After relocating from California to Texas in 2020, Oracle's Larry Ellison now reveals plan to…
Share price hit after Meta admits heavy AI spending plans, after posting strong first quarter…
For third time Google delays phase-out of third-party Chrome cookies after pushback from industry and…