New Bots Seek to Permanently Damage IoT Devices

- April 7, 2017

Over a four-day period, an IoT honeypot from datacenter security firm Radware saw 1,895 PDoS attempts. A PDoS (permanent denial of service)—in contrast to its less-damaging cousin DDoS (distributed denial of service)—seeks to damage the targeted device so badly that its firmware or hardware must be replaced.

The devices set up by researchers at Radware received attack attempts from two different bots, named brickerbot.1 and brickerbot.2, merely hours apart.

Researchers wrote in a blog post that once the bot has gained entry, it issues a series of commands that disable basic functions like Internet connectivity and ultimately corrupt the device's storage by sending an “rm -rf /*” command that would wipe the entire root directory.

Both bots target devices that have the Telnet port open to the Internet, the same entry point used by other botnets like Mirai.

The second bot the researchers observed uses the Tor network to obscure its origin and issues a different series of commands, but the result is ultimately the same: a bricked device that will be nearly impossible to fix.
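For defenders who log Telnet sessions on a honeypot or gateway, the sketch below flags sessions that contain the root-wipe command described above, including reordered flags and chained commands. It is an added example, not Radware's code; the session IDs, sample command lines, and function names are constructed for illustration.

```python
import re
import shlex

# Constructed honeypot data: session id -> command lines typed after Telnet login.
SAMPLE_SESSIONS = {
    "sess-01": ["cat /proc/cpuinfo", "busybox rm -rf /*"],
    "sess-02": ["ls /tmp", "rm -rf /tmp/cache"],
    "sess-03": ["cd /; rm -fr -- /* 2>/dev/null && reboot"],
    "sess-04": ["rm -r --force /"],
    "sess-05": ["echo 'rm -rf /*'"],  # quoted text, never executed as rm
}

def simple_commands(line):
    """Split one shell line into argv lists at ; | & ( ) separators."""
    try:
        tokens = list(shlex.shlex(line, posix=True, punctuation_chars=True))
    except ValueError:  # unbalanced quotes: fall back to whitespace split
        tokens = line.split()
    argv = []
    for tok in tokens:
        if tok and set(tok) <= set(";|&()"):
            if argv:
                yield argv
            argv = []
        else:
            argv.append(tok)
    if argv:
        yield argv

def is_root_wipe(argv):
    """True for a recursive rm whose target is / or /* (any flag order)."""
    if argv and argv[0] == "busybox":  # assumption: applet run through busybox
        argv = argv[1:]
    if not argv or argv[0].rsplit("/", 1)[-1] != "rm":
        return False
    recursive, end_opts, targets = False, False, []
    for arg in argv[1:]:
        if arg == "--" and not end_opts:
            end_opts = True
        elif not end_opts and arg.startswith("--"):
            recursive |= arg == "--recursive"
        elif not end_opts and len(arg) > 1 and arg.startswith("-"):
            recursive |= "r" in arg.lower()
        else:
            targets.append(arg)
    return recursive and any(re.fullmatch(r"/+\*?", t) for t in targets)

def flag_sessions(sessions):
    """Return ids of sessions containing at least one root-wipe command."""
    return sorted(sid for sid, lines in sessions.items()
                  if any(is_root_wipe(a) for ln in lines for a in simple_commands(ln)))
```

Parsing the command line instead of matching the literal string keeps the check from missing variants such as `rm -fr -- /*` and from firing on text that merely quotes the command.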