Over the course of the last year, the media has been packed with reports of malware and ransomware crises, even without the likes of WannaCry, and now Petya, which was wreaking global havoc only last week. But what about phlashing attacks?
They are also dubbed permanent denial of service (PDoS) attacks, so called because they act like a typical DoS attack but with permanent effects.
Hackers carrying out these attacks have one sole purpose: to infect and permanently damage — or ‘brick’ — a device. More specifically, phlashing attacks target IoT (Internet of Things) connected devices to exploit known vulnerabilities in IoT security and software.
The IoT Industry and BrickerBot
The majority of malware infects IoT devices for monetary gain: opportunistic criminals demand a ransom for profit. BrickerBot, however, has entered the IoT scene for the sole purpose of destruction. This destruction carries no benefit to anyone, including the hacker. Once BrickerBot’s malware infects a Linux-based IoT device, the owner is left with no choice but to purchase an entirely new device.
From the perspective of the cyber criminal, their work is complete, and they move on to the next device without any monetary reward like the Bitcoin ransoms paid out by common ransomware attacks.
BrickerBot uses the same exploit vector as the damaging Mirai worm, remotely accessing systems to gain the admin credentials to hack a device. It uses a list of known default credentials used for various IoT devices, so if the device owner fails to follow security best practices and immediately change their default login credentials, BrickerBot can gain access to the device.
A ‘bricked’ IoT device will stop working within seconds of being hacked; this is what is more commonly known as a phlashing attack.
Preventing IoT Malware
The main reason malicious hackers attack IoT devices is simple: because they can. IoT devices — ranging from cars and coffee pots to refrigerators and alarm clocks — entered the industry fast with little or no consideration for the ramifications a lack of cybersecurity would herald.
There are some steps you can take to better secure your devices against a PDoS attack. To begin with, ensure you and other employees are changing factory default credentials straight away on new devices. Change passwords regularly, and make sure they’re secure and not stored on a post-it note around the office.
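The check below is an added example, not code from the article or from any vendor: it audits a device inventory for factory-default credentials that are still set and for passwords that have not been changed recently. The inventory schema, the PBKDF2 storage format, the sample default list, the 90-day limit and all device records are assumptions constructed for illustration.

```python
import hashlib
import hmac
from datetime import date

# Constructed sample defaults; a real audit would load each vendor's documented defaults.
FACTORY_DEFAULTS = [("admin", "admin"), ("root", "root"), ("admin", "1234")]
MAX_PASSWORD_AGE_DAYS = 90      # assumed rotation policy, not taken from the article
AUDIT_DATE = date(2017, 7, 3)   # fixed, constructed date so the result is reproducible

def hash_password(password, salt):
    """PBKDF2-HMAC-SHA256: the storage format assumed for this inventory."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

def audit_device(device, today):
    """Return a list of findings for one inventory record."""
    findings = []
    for user, default_pw in FACTORY_DEFAULTS:
        # Hash the default with this device's salt and compare in constant time.
        if user == device["username"] and hmac.compare_digest(
                hash_password(default_pw, device["salt"]), device["password_hash"]):
            findings.append("factory-default credentials still set")
            break
    age = (today - device["password_changed"]).days
    if age > MAX_PASSWORD_AGE_DAYS:
        findings.append(f"password unchanged for {age} days")
    return findings

def audit_inventory(inventory, today):
    """Map device name -> findings, omitting devices with nothing to report."""
    report = {d["name"]: audit_device(d, today) for d in inventory}
    return {name: found for name, found in report.items() if found}

def record(name, username, password, salt, changed):
    """Build a constructed inventory record (hypothetical schema)."""
    return {"name": name, "username": username, "salt": salt,
            "password_hash": hash_password(password, salt),
            "password_changed": changed}

# Constructed sample inventory; device names, salts, passwords and dates are made up.
INVENTORY = [
    record("camera-lobby", "admin", "admin", b"salt-a", date(2017, 6, 20)),
    record("dvr-warehouse", "root", "x7#Lq-constructed", b"salt-b", date(2016, 12, 1)),
    record("thermostat-office", "admin", "Vw2!p-constructed", b"salt-c", date(2017, 6, 1)),
]

if __name__ == "__main__":
    for name, found in audit_inventory(INVENTORY, AUDIT_DATE).items():
        print(name, "->", "; ".join(found))
```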
One of the strongest defences against an attack like this is multi-factor authentication. This security feature requires users to provide authentication across two devices in order to log on. If you enable multi-factor authentication on IoT devices, any one device a cyber criminal gains access to will do little damage without authentication from a second.
Finally, devices are only as secure as the network they’re connected to. Ensure you have the best firewalls and backup solutions in place to protect the network, prevent attacks, and enable recovery if an attack does happen.
Jason Howells is EMEA director for Barracuda’s MSP business.