Everything You Need to Know About BrickerBot, Hajime, and IoT Botnets
By now you have probably heard about BrickerBot, Hajime, and the growing problem of Internet of Things (IoT) botnets. This round-up will provide you with a number of comprehensive resources to bring you up to speed.
On April 5th, Radware’s Pascal Geenens released the results of his research: over a four-day period, our honeypot recorded 1,895 Permanent Denial of Service (PDoS) attack attempts performed from several locations around the world. Also known as “phlashing,” PDoS is an attack that damages a system so badly that it requires replacement or reinstallation of hardware. Besides this intense, short-lived bot (BrickerBot.1), Radware’s honeypot recorded attempts from a second, very similar bot (BrickerBot.2); the two were discovered less than one hour apart.
About a week after the initial discovery of BrickerBot, Pascal offered his thoughts on who was being targeted and why. He also recorded the results of a “brick test” done on a camera belonging to one of our security evangelists. In this test, the sequence of commands for BrickerBot.1 was run, after which the camera was disconnected from the network and stopped responding, even to a factory reset.
A week after sharing more of his findings on BrickerBot, Pascal discovered yet another new version of BrickerBot (BrickerBot.3), with a different command sequence. Around this time, the author of BrickerBot was identified and began to speak publicly about his motives, making a statement about the need for officials and hardware vendors to take definitive action to improve the state of IoT security. In this blog, Pascal takes a deep dive into the command sequencing and what happened within the first 12 hours of this series of attacks, including a fourth version of BrickerBot (BrickerBot.4). He also offers some tips for how to protect your IoT devices. For additional DDoS protection and web application essentials, you can also take a look at our ERT Alert: BrickerBot PDoS Attack: Back With A Vengeance.
Scared yet? As long as IoT devices stay clean from any of the known IoT bots, there is no reason to fear BrickerBot. In this blog, Pascal shares the results of his research into how BrickerBot might identify and target victims. He also looks at how to detect compromised devices.
On Oct 16th, Sam Edwards and Ioannis Profetis from Rapidity Networks published a report on a new piece of malware they discovered and named “Hajime.” The report came in the aftermath of the release of the Mirai source code and Mirai’s attacks on Krebs and OVH. While BrickerBot was stealing the headlines, Hajime was still a subject many researchers were studying and analyzing, trying to determine its purpose and the intentions of its author. No attacks have been attributed to Hajime, but it is sophisticated, well designed and flexible enough to be repurposed quickly. In this blog, Pascal looks at the potential of Hajime and the future of IoT botnets.
Radware’s Carl Herberger likens some of the nefarious threat actors to comic book giants. The world of IoT bots and cyber security is giving birth to amazing characters, in particular AraknoiD, the j3ster and the janit0r. In this blog, Carl looks at these three individuals, as they make up a virtual “Bot Squad.”
When BrickerBot was discovered, it was the first time we had seen a botnet that would destroy an IoT device, making it unusable. So what does this mean for the future of connected devices? Radware’s David Hobbs explores that question in this blog post, along with his predictions for the future of PDoS attacks.
With the growing use of IoT devices, we have to wonder: What if people’s homes become more and more permanently infected because of phlashing attacks? David Hobbs speculates that this would be the next natural progression for botnets like BrickerBot. A vulnerability exists because most home users are not aware of the risks associated with these devices, and even the most advanced systems can be bypassed and evaded by malware. Our hope is that the manufacturers of these products will take steps to better secure existing and new products. If not, we will be left to rely on grey hat vigilantes like the author of BrickerBot.