Many geeks know by hearsay what a “brick” is: a device that was working normally and then suddenly no longer turns on or shows any sign of life. A failed firmware update, problems with the gadget's software, or malware can all lead to this sad result. A few days ago, information security specialists at Radware discovered a piece of malware that turns vulnerable smart devices into “bricks”. The researchers say the malware began attacking gadgets on March 20 this year.
The malware is BrickerBot, and it exists in two variants: BrickerBot.1 and BrickerBot.2. Both versions attack only systems based on Linux with BusyBox. In just four days last month, Radware staff recorded 2250 PDoS (Permanent Denial of Service) attacks against a specially built honeypot that convincingly posed as an IoT device.
As it turned out, the attacks came from separate nodes located all over the world. BrickerBot.1 fell silent after a certain number of attacks, but BrickerBot.2 turned out to be more active: it tried to attack the decoy device roughly every two hours for several days. The malware attacks poorly protected IoT systems over Telnet and really does turn them into a “brick”. BrickerBot picks gadgets that can be accessed with default login/password pairs. It is still unclear exactly how the attack proceeds and why the malware tries to disable gadgets at all.
In the first stage of the attack, BrickerBot behaves like other IoT malware, including Mirai: it brute-forces Telnet, trying credentials until it gains access to the management functions of the targeted device. According to the experts who discovered BrickerBot, its code contains the most popular administrator login/password pairs for various device models.
If the attack succeeds and the malware gains access to the system, it tries to disable the attacked gadget. The malware uses several different methods to do this, and the two versions of BrickerBot use different ones, but they share one goal: turning the gadget into a “brick”.
One of the methods used against vulnerable gadgets is wiping the data on the device's storage. In addition, the value net.ipv4.tcp_timestamps = 0 is set, after which the IoT gadget cannot connect to the Internet. The malware also tries to set kernel.threads-max = 1 instead of the standard 10,000. As a result, ARM-based gadgets simply fail because kernel operations stop.
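A defender-side check for the two kernel settings named above, as an added example that is not from Radware or the original article: it reads the values from a /proc/sys tree and reports the ones that match the described tampering. The function names, the `MIN_THREADS` threshold and the sample tree are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example (not from the article): flag the kernel settings the article
# says BrickerBot changes, read from a /proc/sys tree.

# Lowest threads-max treated as sane; an assumed threshold for this example.
MIN_THREADS=${MIN_THREADS:-64}

# Print the value at $1/$2 with whitespace stripped; fail if unreadable.
read_setting() {
    [ -r "$1/$2" ] || return 1
    tr -d ' \t\n' < "$1/$2"
}

# Print one line per suspicious setting found under $1 (default /proc/sys).
# Returns 0 when nothing matches, 1 when at least one setting matches.
check_brick_indicators() {
    root=${1:-/proc/sys}
    hits=0
    ts=$(read_setting "$root" net/ipv4/tcp_timestamps) || ts=
    tm=$(read_setting "$root" kernel/threads-max) || tm=
    if [ "$ts" = "0" ]; then
        echo "net.ipv4.tcp_timestamps=0 (value described in the article)"
        hits=1
    fi
    case $tm in
        ''|*[!0-9]*) ;;  # missing or non-numeric: nothing to compare
        *)
            if [ "$tm" -lt "$MIN_THREADS" ]; then
                echo "kernel.threads-max=$tm (below MIN_THREADS=$MIN_THREADS)"
                hits=1
            fi ;;
    esac
    return "$hits"
}

# Constructed sample: a fake /proc/sys tree with chosen values.
make_sample_tree() {  # $1 = dir, $2 = tcp_timestamps, $3 = threads-max
    mkdir -p "$1/net/ipv4" "$1/kernel"
    echo "$2" > "$1/net/ipv4/tcp_timestamps"
    echo "$3" > "$1/kernel/threads-max"
}

# Demo on constructed data: the two values from the article are both reported.
demo_dir=$(mktemp -d)
make_sample_tree "$demo_dir" 0 1
check_brick_indicators "$demo_dir" || true
rm -rf "$demo_dir"
```

On a device, calling `check_brick_indicators` with no argument reads the live /proc/sys. A tcp_timestamps value of 0 can also be a deliberate administrator choice, so a match is a prompt to investigate.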
Experts point out that a compromised gadget stops working within a few seconds of infection. Interestingly, BrickerBot.1 attacks IoT devices from different IP addresses around the world, as already mentioned, while the second version works through Tor network nodes, so tracking this software is very difficult, if it is possible at all.
An unusual difference between this malware and others is that it does not try to enlist the attacked devices into a botnet. In fact, damaging IoT gadgets is BrickerBot's only visible goal. Experts suggest that the bot's creators may be hackers dissatisfied with the lack of attention paid to cybersecurity who decided to teach careless owners a lesson.
Perhaps this malware really will draw more attention to the problem than the usual reminders to be careful and to change the account credentials after buying a network device in a store. Nevertheless, this way of “teaching the basics of information security” can be simply dangerous. For example, such software can disable many CCTV cameras that serve a useful purpose. As a result, the surveillance cameras that help keep order on city streets could stop working at any moment.
“Try to imagine that the surveillance camera at the embassy has been disconnected. How should this be regarded: as an act of aggression against a state? Such attacks are very easy to implement, and I believe that this is only the beginning. I would not like to say that this is bad, but I think that there are less destructive ways to achieve the same goal. For example, you can start by simply fixing device vulnerabilities. But this requires more professionalism,” said Victor Gevers, head of GDI.foundation.
In addition, he asked the malware's authors to contact him to try to plan measures for correcting the current situation and to develop ways of taking unsafe IoT gadgets out of harm's way while simultaneously fixing their problems.