A new kind of attack is targeting unsecured Internet of Things devices by scrambling their code and rendering them useless.
Radware first spotted the newly found “BrickerBot” malware last month after it started hitting its own honeypots, logging hundreds of infection attempts over a few days. When the malware connects to a device with their default usernames and passwords — often easily found on the internet — the malware corrupts the device’s storage, leading to a state of permanent denial-of-service (PDoS) attack, also known as “bricking.”
This attack “damages a system so badly that it requires replacement or reinstallation of hardware.”
It’s a novel take on an ongoing security problem with IoT devices: Botnets typically infect unsecured devices that are enlisted as part of wider bandwidth-stealing attacks to bring down websites and services by overwhelming them with traffic.