details

Following events in the past year, the narrative around IoT has shifted from excitement to concern about the digital and physical threat it poses. The creator of malware which bricks insecure devices is suspected to be a vigilante hacker who aims to save us from our machines.

BrickerBot, as the malware is known, searches for BusyBox-based Linux devices with exposed Telnet ports and proceeds to brute-force its way into the device. From there, BrickerBot corrupts the compromised device’s storage in what is called a Permanent Denial of Service (PDoS) attack.

Security researchers at McAfee ran a ‘honeypot’ experiment just this week unleashing the Mirai botnet malware on a poorly-secure IoT device and it was compromised in under a minute. Mirai was responsible for the DDoS (Distributed Denial of Service) attack on DNS provider Dyn last year which disrupted popular services including Twitter, GitHub, PlayStation Network, and others.

Dyn was hit with a record-breaking 1.2 Tbps of traffic originating from approximately 100,000 Mirai-infected IoT devices around the world. The previous record-holding attack peaked at 600 Gbps of traffic, which provides some idea of the increased threat posed to businesses and the number of vulnerable IoT devices. Speaking in the most recent edition of our IoT News magazine, F-Secure Security Advisor Sean Sullivan observed: “You can get competent services by those with experience in DDoS mitigation, but it’s ultimately only going to be as good as the last best attack.”