Cybersecurity experts are warning of a new type of malware strain that uses known default user credentials to attack unsecured Internet of Things (IoT) devices and destroy them, reports Bleeping Computer.
Discovered by cybersecurity firm Radware, BrickerBot has two versions – BrickerBot.1 and BrickerBot.2 – and was found to be active since March 20, targeting only Linux BusyBox-based devices with Telnet ports left open.
This malware renders devices inoperable within seconds of infecting them through PDoS (Permanent Denial of Service) or "phlashing" attacks. The two versions work in the same manner but through different sets of commands; while BrickerBot.1 comes through worldwide IPs likely assigned to Ubiquiti network devices, BrickerBot.2 attacks are hidden behind Tor exit nodes and difficult to trace.
The attacker’s motive has confounded cybersecurity experts because it destroys without benefiting the destroyer. They suspect it could be the work of a vigilante who wants to alert users to unsecured devices.
Victor Gevers of GDI.foundation is however critical of the approach and believes that, "Instead of bricking you could also allow the devices to still work and just patch the vulnerability.”
Click here for details.