Monday, May 26, 2025
HomeBotnetPermanent Denial-of-Service attack with IOT devices-BrickerBot

Permanent Denial-of-Service attack with IOT devices-BrickerBot

Published on

SIEM as a Service

Follow Us on Google News

PDoS is an attack that harms a system so severely that it requires substitution or re-installation of hardware.By abusing security defects or misconfigurations, PDoS can decimate the firmware or potentially functions of system.

As per the analysis from Radware’s honeypot around 1,895 PDoS attempts where recorded with malware strain BrickerBot from several location around the Globe.

It is compromising only Linux/BusyBox-based IoT devices which have their Telnet port open and exposed publically on the Internet.

Attack classified into two stages.

- Advertisement - Google News
  • BrickerBot.1  –  short-lived bot.
  • BrickerBot.2  –  Bot that initiates PDoS attempts.

BrickerBot Attacking Vector

BrickerBot uses traditional Brute force method to initiate the attack, upon successful mitigation it runs a series of LINUX commands.

Which leads to corrupted storage, trailed by commands to disturb Internet network, device execution, and then wiping of all records on the device.

Permanent Denial-of-Service with IOT devices-BrickerBot
Command sequence of BrickerBot.1
Source : Radware

In parallel, Radware’s honeypot recorded more than 333 PDoS endeavors with an alternate command signature. The source IP addresses from these endeavors are TOR Nodes and subsequently there is no recognizing the real wellspring of the attacks.

It is significant that these attacks are as yet progressing and the attacker/creator is utilizing TOR egress hubs to cover its bot(s).The first credentials attempted to brute the Telnet login are root/root and root/vizxv.

Permanent Denial-of-Service with IOT devices-BrickerBot
Command sequence of BrickerBot.2
Source : Radware
Among the special devices targeted are /dev/mtd (Memory Technology Device – a special device type to match flash characteristics) and /dev/mmc (MultiMediaCard – a special device type that matches memory card standard, a solid-state storage medium)

BrickerBot Targets

The utilization of the “busybox” command combined with the MTD and MMC extraordinary devices implies this attack is focused on particularly at Linux/BusyBox-based IoT devices.

PDoS endeavors started from a predetermined number of IP locations spread the world over. All devices are exposing port 22 (SSH) and running very older version of the Dropbear SSH server.

Mitigations

  • Change the device’s factory default credentials.
  • Disable Telnet access to the device.
  • Network Behavioral Analysis can detect anomalies in traffic and combine with automatic signature generation for protection.
  • User/Entity behavioral analysis (UEBA) to spot granular anomalies in traffic early.
  • An IPS should block Telnet default credentials or reset telnet connections. Use a signature to detect the provided command sequences.

Also Read

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets

A new project has exposed a critical attack vector that exploits protocol vulnerabilities to...

Threat Actor Sells Burger King Backup System RCE Vulnerability for $4,000

A threat actor known as #LongNight has reportedly put up for sale remote code...

Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability

Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager...

Hackers Target macOS Users with Fake Ledger Apps to Deploy Malware

Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

New HTTPBot Botnet Rapidly Expands to Target Windows Machines

The HTTPBot Botnet, a novel Trojan developed in the Go programming language, has seen...

20-Year-Old Proxy Botnet Network Dismantled After Exploiting 1,000 Unpatched Devices Each Week

A 20-year-old criminal proxy network has been disrupted through a joint operation involving Lumen’s...

Mirai Botnet Actively Targeting GeoVision IoT Devices for Command Injection Exploits

The Akamai Security Intelligence and Response Team (SIRT) has identified active exploitation of command...