Exploit Uses Same Attack Vector as Mirai but Adds a Dangerous Twist
Radware® NASDAQ: RDWR), a leading provider of cyber security and application delivery solutions, released new research that revealed the existence of a Permanent Denial of Service (PDoS) malware that destroys unsecured Internet of Things (IoT) devices connected to the internet. The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), a part of the U.S. Department of Homeland Security, subsequently issued their own alert, to provide early notice of Radware’s threat findings and identify baseline mitigations for reducing risks to these and other cybersecurity attacks.
The PDoS attempts were first revealed in a recently issued Radware ERT Alert. The attacks are performed remotely using commands that could ultimately corrupt storage, break connectivity and render the device nonfunctional. The attacks specifically target Linux/BusyBox-based IoT devices connected to the internet. The discovered attacks were using the same exploit vector as Mirai, brute forcing their way in through Telnet.
“We coined it ‘BrickerBot’ because instead of enslaving IoT devices, like Mirai does, it attempts to destroy or ‘brick’ them,” said Pascal Geenens, Security Evangelist for EMEA Region for Radware and the researcher that discovered the malware. “Most consumers of such devices might never know they were the victim of malware. Their device would just stop working and the natural inclination is to think its they purchased faulty hardware.”
After Radware released its initial findings, the research team ran real-world tests on IP Cameras that met the target specifications of the attack. After running the BrickerBot malware onto the device, it stopped working completely. Unfortunately, even after performing the factory reset, the camera was not recovered and hence it was effectively bricked.
To learn more about this threat and other threats covered by Radware’s Emergency Response Team please visit: https://security.radware.com/ddos-threats-attacks/threat-advisories-attack-reports/
Radware® (NASDAQ: RDWR), is a global leader of application delivery and cyber security solutions for virtual, cloud and software defined data centers. Its award-winning solutions portfolio delivers service level assurance for business-critical applications, while maximizing IT efficiency. Radware’s solutions empower more than 10,000 enterprise and carrier customers worldwide to adapt to market challenges quickly, maintain business continuity and achieve maximum productivity while keeping costs down. For more information, please visit www.radware.com.
Radware encourages you to join our community and follow us on: Facebook, Google+, LinkedIn, Radware Blog, SlideShare, Twitter, YouTube, Radware Connect app for iPhone® and our security center DDoSWarriors.com that provides a comprehensive analysis on DDoS attack tools, trends and threats.
©2017 Radware Ltd. All rights reserved. Radware and all other Radware product and service names are registered trademarks or trademarks of Radware in the U.S. and other countries. All other trademarks and names are property of their respective owners. The Radware products and solutions mentioned in this press release are protected by trademarks, patents and pending patent applications. For more details please see: https://www.radware.com/LegalNotice/
Safe Harbor Statement
This press release may contain statements concerning Radware’s future prospects that are “forward-looking statements” under the Private Securities Litigation Reform Act of 1995. Statements preceded by, followed by, or that otherwise include the words "believes", "expects", "anticipates", "intends", "estimates", "plans", and similar expressions or future or conditional verbs such as "will", "should", "would", "may" and "could" are generally forward-looking in nature and not historical facts. For example, we cannot guarantee such research findings in the future. Because such statements deal with future events, they are subject to various risks and uncertainties and actual results, expressed or implied by such forward-looking statements, could differ materially from Radware's current forecasts and estimates. Factors that could cause or contribute to such differences include, but are not limited to: the impact of global economic conditions and volatility of the market for our products; changes in the competitive landscape; inability to realize our investment objectives; timely availability and customer acceptance of our new and existing products; risks and uncertainties relating to acquisitions; the impact of economic and political uncertainties and weaknesses in various regions of the world, including the commencement or escalation of hostilities or acts of terrorism; Competition in the market for Application Delivery and Network Security solutions and our industry in general is intense; and other factors and risks on which we may have little or no control. This list is intended to identify only certain of the principal factors that could cause actual results to differ. For a more detailed description of the risks and uncertainties affecting Radware, reference is made to Radware’s Annual Report on Form 20-F which is on file with the Securities and Exchange Commission (SEC) and the other risk factors discussed from time to time by Radware in reports filed with, or furnished to, the SEC. Forward-looking statements speak only as of the date on which they are made and, except as required by applicable law, Radware undertakes no commitment to revise or update any forward-looking statement in order to reflect events or circumstances after the date any such statement is made. Radware’s public filings are available from the SEC’s website at www.sec.gov or may be obtained on Radware’s website at www.radware.com.