BrickerBot DDoS botnets exploited vulnerabilities, crippled IoT devices

BrickerBot is back, and how. The dedicated denial-of-service botnet first arrived on the scene back in March and ruled for four days, incapacitating IoT devices with as many as 1,895 attacks.

BrickerBot is back again this month, but is several times as potent as its predecessor. In the first fifteen hours of operation, BrickerBot.3 launched as many as 1,295 attacks on vulnerable IoT devices with poor security protocols.

"Just like BrickerBot.1, this attack was a short but intense burst. Shorter than the four days BrickerBot.1 lasted, but even more intense. The attacks from BrickerBot.3 came in on a different honeypot than the one that recorded BrickerBot.1. There is, however, no correlation between the devices used in the previous attack versus the ones in this attack," Pascal Geenens, a security researcher, told Ars Technica.

BrickerBot.3 launched permanent denial-of-service attacks, bricking IoT devices so thoroughly that they could not be recovered even after factory resets. All the impacted devices were found to share similar weaknesses: all of them ran a Linux tool package called BusyBox, featured a publicly exposed telnet-based interface and still used default factory passwords. Alarmingly, a new BrickerBot.4 botnet is also in play, and BrickerBot.3 and BrickerBot.4 have together launched 1,400 attacks in a single day.

The affected devices are mostly poorly-secured DVRs, connected cameras and other IoT devices. For example, a Sricam AP003 metal gun-type waterproof outdoor bullet IP camera was so brutally bricked that it could not be connected back to servers even after factory resets.
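The traits shared by the bricked devices (an open telnet interface, BusyBox) can be checked for on a network you administer. The following is an added example, not part of the original article: it parses the grepable output of an `nmap -sV -oG` scan of your own address space and flags hosts with telnet open, ranking BusyBox telnet services highest. The function name and the sample scan lines are constructed for illustration.

```python
# Constructed sample of `nmap -sV -oG` output; addresses are RFC 5737
# documentation addresses, host names are invented.
SAMPLE_SCAN = """\
# Nmap scan initiated (constructed sample)
Host: 192.0.2.10 (dvr-lobby)\tStatus: Up
Host: 192.0.2.10 (dvr-lobby)\tPorts: 23/open/tcp//telnet//BusyBox telnetd/, 80/open/tcp//http//lighttpd/\tIgnored State: closed (998)
Host: 192.0.2.11 (cam-gate)\tPorts: 23/filtered/tcp//telnet///, 554/open/tcp//rtsp///
Host: 192.0.2.12 (printer)\tPorts: 23/open/tcp//telnet//HP JetDirect telnetd/
Host: 192.0.2.13 (nas)\tPorts: 22/open/tcp//ssh//OpenSSH 7.4/
"""


def audit_telnet(scan_text):
    """Return one finding per host that exposes an open telnet service.

    Each grepable port entry has the form
    port/state/protocol/owner/service/rpcinfo/version/
    """
    findings = []
    for line in scan_text.splitlines():
        if not line.startswith("Host: "):
            continue  # comments and blank lines
        fields = line.split("\t")
        host = fields[0][len("Host: "):].split(" ")[0]
        ports = next((f[len("Ports: "):] for f in fields[1:]
                      if f.startswith("Ports: ")), "")
        for entry in ports.split(","):
            parts = entry.strip().split("/")
            if len(parts) < 7:
                continue  # no port data (e.g. a Status-only line)
            port, state, proto, service, version = (
                parts[0], parts[1], parts[2], parts[4], parts[6])
            if state != "open" or proto != "tcp":
                continue  # filtered/closed ports are not reachable
            if port != "23" and service != "telnet":
                continue
            busybox = "busybox" in version.lower()
            findings.append({
                "host": host,
                "port": int(port),
                "busybox": busybox,
                # BusyBox + telnet matches the profile described above:
                # disable telnet and replace factory passwords first.
                "priority": "high" if busybox else "medium",
            })
    return findings


if __name__ == "__main__":
    for f in audit_telnet(SAMPLE_SCAN):
        print(f)
```

A scan cannot tell whether a device still uses its factory password, so every flagged host should have its credentials changed and telnet disabled or firewalled regardless of priority.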

A hacker named 'The Janit0r' has owned up to the BrickerBot attacks, which he claims were used to expose vulnerabilities in the IoT industry and force companies to implement stricter practices.

"Like so many others I was dismayed by the indiscriminate DDoS attacks by IoT botnets in 2016. I thought for sure that the large attacks would force the industry to finally get its act together, but after a few months of record-breaking attacks it became obvious that in spite of all the sincere efforts the problem couldn't be solved quickly enough by conventional means," the hacker said to Bleeping Computer.

"I consider my project a form of 'Internet Chemotherapy'. I sometimes jokingly think of myself as The Doctor. Chemotherapy is a harsh treatment that nobody in their right mind would administer to a healthy patient, but the Internet was becoming seriously ill in Q3 and Q4/2016 and the moderate remedies were ineffective," the hacker added.

Back in May of last year, researchers at the University of Michigan discovered security flaws in a smart home system, which they used to 'unlock a Samsung SmartThings lock, obtain PIN codes for smart locks, deactivate the system's holiday mode and trigger a fake fire alarm.'

“While the risk of vulnerable IoT devices is becoming increasingly apparent through the number of vulnerable devices and subsequent breaches, security frequently remains an afterthought for the industry rather than an integral factor from the design phase,” said Veracode senior solution architect Paul Farringdon.

It was also discovered that most hospitals use a number of connected devices like insulin devices, pacemakers and other medical gadgets which are connected to the IoT but lack effective and reliable solutions to protect themselves, thus endangering the lives of patients.

"Hospitals do not have the funding, infrastructure and skills to do that properly. It is never going to go away, but they can start doing some of the best practice stuff to minimise the chances [of suffering a cyber breach]," said Rashmi Knowles, chief security architect for EMEA at RSA.

Copyright Lyonsdown Limited 2020
