Months after the Mirai botnet attack surfaced online, BrickerBot has emerged as the latest malware targeting Internet of Things (IoT) devices. Once it gains unauthorised access, the new malware can damage the storage and kernel parameters of connected hardware.
Security research company Radware has detected two versions of the BrickerBot malware on its honeypot servers. The first attack was recorded on March 20. Further, Radware’s servers have recorded 1,895 permanent denial-of-service (PDoS) attempts targeting the BusyBox toolkit.
Radware claims that all the attack attempts were driven by two different versions, namely BrickerBot 1 and BrickerBot 2. The malware intelligently changes its attack location around the world and targets only Linux-based IoT devices with the BusyBox toolkit.
Uses Telnet brute force
Similar to Mirai, which resulted in a notable 620 Gbps distributed denial-of-service (DDoS) attack, the BrickerBot PDoS attack reportedly used a Telnet brute-force vector to breach the devices. It does not even attempt to download a binary to compromise the affected hardware. Without a binary to analyse, it is difficult for security experts to generate a list of the credentials that were used for the brute-force attempt.
Radware recommends changing the device’s default credentials, disabling Telnet access and analysing network behavior. You can try user/entity behavior analysis methods to spot granular anomalies in the traffic.
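As an added illustration of the traffic analysis recommended above (this is not Radware's code), the Python sketch below flags sources that produce a burst of failed Telnet logins and notes whether a login then succeeded. The log format, field names, thresholds and sample lines are assumptions constructed for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical log format, constructed for this example (not a real product's).
LINE = re.compile(r"(?P<ts>\S+) src=(?P<src>\S+) dport=(?P<port>\d+) "
                  r"user=(?P<user>\S+) result=(?P<res>ok|fail)")

def find_telnet_bruteforce(lines, threshold=5, window_s=60):
    """Flag sources with >= threshold failed Telnet logins inside window_s seconds.
    Assumes the lines are in chronological order."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # src -> timestamps of failures still in the window
    users = defaultdict(set)      # src -> usernames seen in failed attempts
    flagged = {}
    for line in lines:
        m = LINE.match(line)
        if not m or m["port"] != "23":      # only Telnet (TCP/23) is of interest
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        src = m["src"]
        if m["res"] == "fail":
            users[src].add(m["user"])
            q = recent[src]
            q.append(ts)
            while ts - q[0] > window:       # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                flagged.setdefault(src, {"first_alert": ts, "login_after_alert": False})
        elif src in flagged:
            # A success after a failure burst: treat the device as breached.
            flagged[src]["login_after_alert"] = True
    for src, info in flagged.items():
        info["users_tried"] = sorted(users[src])
    return flagged

# Constructed sample lines; addresses are from documentation ranges.
SAMPLE = [
    "2024-01-01T10:00:01Z src=198.51.100.7 dport=23 user=root result=fail",
    "2024-01-01T10:00:03Z src=198.51.100.7 dport=23 user=admin result=fail",
    "2024-01-01T10:00:05Z src=198.51.100.7 dport=23 user=root result=fail",
    "2024-01-01T10:00:07Z src=198.51.100.7 dport=23 user=support result=fail",
    "2024-01-01T10:00:09Z src=198.51.100.7 dport=23 user=root result=fail",
    "2024-01-01T10:00:11Z src=198.51.100.7 dport=23 user=root result=ok",
    "2024-01-01T10:05:00Z src=203.0.113.9 dport=23 user=operator result=fail",
    "2024-01-01T10:07:30Z src=203.0.113.9 dport=23 user=operator result=ok",
    "2024-01-01T10:08:00Z src=203.0.113.9 dport=22 user=operator result=fail",
]

if __name__ == "__main__":
    for src, info in find_telnet_bruteforce(SAMPLE).items():
        print(src, info)
```

A source flagged with `login_after_alert` set is the case to act on first: the device it reached should be isolated, given new credentials and have Telnet disabled.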