It’s not Halloween, but if you’re not careful your devices could be zombified! Mobile and Internet of Things devices are under attack from a new malware with two variations called BrickerBot.1 and BrickerBot.2.
While other malware can wreak havoc on your mobile devices, causing them to turn into bots for larger scale attacks, exposing personal data to hackers, or even causing the devices to perform unauthorized functions, BrickerBot is arguably even more devastating.
Under the right conditions, this malware can irreparably corrupt a device’s storage, rendering it useless. The only way to recover is to physically replace or reinstall the hardware.
Watch Your Back, Front, and All of Your IoT devices
Most of us are connected to the internet in some fashion at all times. Even if your computer and mobile devices themselves are turned off or have been disconnected from the internet, the IoT devices in your home are most likely still online and capable of sending or receiving data.
In fact, these connected devices, including appliances, cameras, and even home automation products like thermostats, are often very attractive targets for hackers, since they tend to have far fewer layers of security and aren’t typically as protected as a personal computer. With just a little bit of basic information, it’s possible for a hacker to gain access to, say, your connected security camera, and then use that device to uncover more information about you or even a way into your other devices.
According to firms that keep abreast of the latest technology, including malware and other threats to our networks and devices, the new BrickerBot.1 and BrickerBot.2 malware puts a new twist on the inventive and malicious hacking that penetrates our systems. Unlike other malware, which is typically used to steal information, the BrickerBots just destroy devices. This has some scratching their heads, since there doesn’t seem to be much to gain from such activities, but the answer may lie with a hacker who is little more than an internet vigilante.
‘B’ Is for BrickerBot
On the surface, the origins of the BrickerBot malware almost seem, if not exactly legal or helpful, at least somewhat noble. A hacker going by the name of “Janit0r” on Hackforums claimed that he was frustrated by the spate of DDoS attacks on the IoT throughout 2016, and wanted to spur manufacturers to do more to secure the devices and protect them from malware and other attacks. Janit0r railed against manufacturers who create IoT devices without adequate security knowledge, thereby putting the average consumer at risk.
Initially, Janit0r planned to alert consumers to unsecured devices as a means of helping them. Once his hack gained access to the devices, it would attempt to secure them without damaging them. Only when it was determined that a device could not be secured would the hacker’s software wipe the device’s data and create a Permanent Denial of Service (PDoS), which can only be fixed by replacing the hardware.
The odd thing that puzzles security firms is that this hacker destroys devices that he could have used to gain great wealth. So wealth does not appear to be his motivation, as it is for many hackers. Janit0r considers himself a good guy, a white-hat hacker, who is performing “Internet Chemotherapy” on connected devices.
Unfortunately, that “alert” has since infected more than 2 million devices — and has severely damaged them. BrickerBot, despite the original intent, has become malware. This has turned Janit0r into a criminal who has wreaked havoc and left a very expensive and dangerous legacy by exploiting security system flaws simply to add to his count with the intent of sending a message to device manufacturers to improve their security stance.
Fight Back and Protect What You Own
In Janit0r’s post on Hackforums claiming responsibility for BrickerBot, he focused on consumers purchasing items such as DVRs that are exceptionally vulnerable to malware. What he seems to have failed to recognize, though, is the dangerous — and possibly deadly — scenarios that the malware could create. For instance, a patient with a remotely monitored pacemaker could have their life put at risk should a BrickerBot infection corrupt the device. As a result, companies that create protective software and work to assist companies with vulnerable equipment are issuing new guidance on how both businesses and consumers can remain safe from this new threat.
This advice includes:
- Upgrade and update your devices with the most recent patches and security protocols. While the manufacturing and security business segments can be particularly vulnerable, this advice applies to anyone with IoT or other connected devices.
- Change manufacturer-provided passwords. Janit0r scorns those who use default logins like “admin” and designed the malware to target those devices.
- Consider changing logins to something different: longer, with a mix of numbers and upper- and lowercase letters. Don’t use your birthdate, address, anniversary, or family members’ names as a derivative source for logins or passwords.
Once that’s completed, experts also suggest disabling remote access to most devices. While you might be thinking, “But it’s so useful to be able to change my computer, house systems, and other devices remotely,” keep in mind that if you can access your devices remotely, so can a clever hacker. Consider how a hacker could target your company or organization, access your assets, and use the data they control to wipe out your business, and that convenience may become less of a priority.
Understand that BrickerBot.1 and BrickerBot.2 aren’t the only threats you need to be concerned with. Another bad guy strategy is the use of malicious Linux commands to destroy a device by “corrupting or misconfiguring the device’s storage capability and kernel parameters, hindering internet connection, tampering with device performance, and wiping all files on the device.” Therefore, you need to take every precaution to protect your devices and keep hackers out.
Devise a Strategy and Follow Through
So many firms relegate their technology to someone they think is all-knowing. These in-house technology geeks are usually saddled with mundane tasks and don’t have time to make all the changes or do the research needed to keep an organization as safe as it needs to be. The result is often a connected device that is functional, but lacks the security protections necessary in today’s threat landscape.
Therefore, companies in the process of developing IoT devices should consider contracting with security experts from outside the organization to ensure that devices are secure and protected. This may require extra time and resources, but remember that hackers appear to have endless time to create their malicious mischief. Don’t make it easy for them to make you a victim.