BrickerBot is back, and how. The dedicated denial-of-service botnet first arrived on the scene back in March and ruled for four days, incapacitating IoT devices with as many as 1,895 attacks.
BrickerBot is back again this month, but is several times as potent as its predecessor. In the first fifteen hours of operation, BrickerBot.3 launched as many as 1,295 attacks on vulnerable IoT devices with poor security protocols.
“Just like BrickerBot.1, this attack was a short but intense burst. Shorter than the four days BrickerBot.1 lasted, but even more intense. The attacks from BrickerBot.3 came in on a different honeypot than the one that recorded BrickerBot.1. There is, however, no correlation between the devices used in the previous attack versus the ones in this attack,” said Pascal Geenens, a security researcher, to Ars Technica.
BrickerBot.3 launched permanent denial-of-service attacks, bricking IoT devices so that they could not be recovered even after factory resets. All the impacted devices were found to share similar vulnerabilities: they ran a Linux tool package called BusyBox, featured a publicly exposed Telnet-based interface, and still used default factory passwords. Alarmingly, a new BrickerBot.4 botnet is also in play, and BrickerBot.3 and BrickerBot.4 have together launched 1,400 attacks in a single day.
The affected devices are mostly poorly-secured DVRs, connected cameras and other IoT devices. For example, a Sricam AP003 metal gun-type waterproof outdoor bullet IP camera was so brutally bricked that it could not be connected back to servers even after factory resets.
A hacker named ‘The Janit0r’ has owned up to the BrickerBot attacks, which he claims were used to expose vulnerabilities in the IoT industry and force companies to implement stricter practices.
“Like so many others I was dismayed by the indiscriminate DDoS attacks by IoT botnets in 2016. I thought for sure that the large attacks would force the industry to finally get its act together, but after a few months of record-breaking attacks it became obvious that in spite of all the sincere efforts the problem couldn’t be solved quickly enough by conventional means,” the hacker said to Bleeping Computer.
“I consider my project a form of ‘Internet Chemotherapy’. I sometimes jokingly think of myself as The Doctor. Chemotherapy is a harsh treatment that nobody in their right mind would administer to a healthy patient, but the Internet was becoming seriously ill in Q3 and Q4/2016 and the moderate remedies were ineffective,” the hacker added.
Back in May of last year, researchers at the University of Michigan discovered security flaws in a smart home system that allowed them to ‘unlock a Samsung SmartThings lock, obtain PIN codes for smart locks, deactivate the system’s holiday mode and trigger a fake fire alarm.’
“While the risk of vulnerable IoT devices is becoming increasingly apparent through the number of vulnerable devices and subsequent breaches, security frequently remains an afterthought for the industry rather than an integral factor from the design phase,” said Veracode senior solution architect Paul Farringdon.
It was also discovered that most hospitals use a number of connected devices, such as insulin devices, pacemakers and other medical gadgets, which are connected to the IoT but lack effective and reliable protection, thus endangering the lives of patients.
“Hospitals do not have the funding, infrastructure and skills to do that properly. It is never going to go away, but they can start doing some of the best practice stuff to minimise the chances [of suffering a cyber breach],” said Rashmi Knowles, chief security architect for EMEA at RSA.