Data-Wiping Malware Takes Aim at IoT Devices

Data-Wiping Malware Takes Aim at IoT Devices

New breeds of malware specializing in wiping data are targeting internet of things (IoT) devices in homes and businesses.

According to Comodo Labs, hackers are seen to be adding data-wiping routines to some of the malware that are designed to infect IoT and embedded devices, including Amnesia and BrickerBot.

The aptly named Amnesia malware is a variation of Tsunami, an older IoT botnet client. Amnesia infects digital video recorders, exploiting a year-old vulnerability.

“Programmed basically for Linux-based environments, this malware first performs checks to detect if the environment it is running in is actually a virtualized one,” Comodo researchers explained. “Next, it would try to wipe critical directories from the file system; this is done by using the Linux ‘rm-rf’ shell command.”

Meanwhile BrickerBot, which also targets Linux-based IoT devices, is launched from compromised routers and wireless access points. It targets IoT devices that have Telnet service running and which are exposed to the internet; and it goes about trying to authenticate these with common username and password combinations. It should be added that BrickerBot takes aim at not just embedded and IoT devices, but any Linux-based device or system with weak credentials.

Once compromise is achieved, the malware launches a series of destructive commands which would overwrite data from the IoT device’s mounted partitions.

“BrickerBot also tries to render the device unusable by killing the internet connection itself,” Comodo researchers said. “Devices that are infected with BrickerBot malware may need a firmware reflash. Consequently, configurations would be lost. Data could be wiped out from external hard drives for routers with USB ports or network-attached storage devices.”

IoT devices are handy additions for botnets—easily enslaved and, because they lead an existence that tends to be free of human interaction, can be compromised without notice for long periods of time.

Hackers most often seize control of IoT devices to carry out DDoS attacks, as seen with Mirai. In BrickerBot’s case, it’s a permanent DDoS.

“This has become rampant and users don’t even know that the IoT devices they are using—cameras, routers, internet-attached storage systems, etc.—are infected. They wouldn’t even be able to notice the impact that has been made on the performance of these devices. Only when a malware like BrickerBot causes a device to stop does a user realize that there is an issue.”

Users should always check the manufacturer’s security track record when buying IoT devices and whether the company regularly issues patches and/or automatic updates; and they should make sure there is a dedicated point of contact for the company if security issues occur.

Source: Information Security Magazine