Recent attacks have revealed malware that targets IoT (Internet of Things) devices and wipes data from the systems or devices it infects. Hackers are adding data-wiping routines to some of the malware designed to infect IoT and embedded devices. Endpoint protection is not just about having good endpoint security software installed; it is also about developing a comprehensive understanding of malware and malware strikes. With that in mind, here’s a look at two malware families that wipe data.
Malware 1: Amnesia
Amnesia is a variation of Tsunami, an older IoT botnet client. It infects digital video recorders by exploiting a year-old vulnerability. Written for Linux-based environments, the malware first checks whether the environment it is running in is a virtualized one. Next, it tries to wipe critical directories from the file system using the Linux “rm -rf” shell command.
Malware 2: BrickerBot
BrickerBot also targets Linux-based IoT devices, and it is launched from compromised routers and wireless access points. It works by trying to authenticate to IoT devices that have the Telnet service running and exposed to the internet, using common username and password combinations. Once it has logged in, the malware launches a series of destructive commands that overwrite data on the device’s mounted partitions. BrickerBot also tries to render the device unusable by killing its internet connection. Devices infected with BrickerBot may need a firmware reflash, in which case their configurations are lost. On routers with USB ports and on network-attached storage devices, data could also be wiped from external hard drives. BrickerBot does not hit only embedded and IoT devices; it will attack any Linux-based device or system that is accessible over Telnet and has weak credentials that can be cracked.
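The two behaviours described above (a Telnet login that follows a run of failed guesses, and a recursive “rm -rf” on an absolute path) can be looked for in device logs. The following is an added example, not code from the original article; the log format, the sample lines, the failure threshold and all names in it are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log (assumed format, documentation-range addresses).
SAMPLE_LOG = """\
2017-04-20T10:00:01 telnetd login failed user=root src=203.0.113.7
2017-04-20T10:00:02 telnetd login failed user=admin src=203.0.113.7
2017-04-20T10:00:03 telnetd login failed user=support src=203.0.113.7
2017-04-20T10:00:04 telnetd login ok user=root src=203.0.113.7
2017-04-20T10:00:05 shell cmd src=203.0.113.7 cmd="rm -rf /var/log"
2017-04-20T10:05:00 telnetd login failed user=admin src=198.51.100.9
2017-04-20T10:06:00 telnetd login ok user=admin src=192.0.2.10
2017-04-20T10:06:30 shell cmd src=192.0.2.10 cmd="ls -la /tmp"
"""

LOGIN = re.compile(r"telnetd login (failed|ok) user=(\S+) src=(\S+)")
SHELL = re.compile(r'shell cmd src=(\S+) cmd="([^"]*)"')
# Matches rm with both -r and -f set (e.g. -rf, -fr) on an absolute path.
RECURSIVE_RM = re.compile(r"\brm\s+-[a-zA-Z]*(?:rf|fr)[a-zA-Z]*\s+(/\S*)")


def analyze(log_text, fail_threshold=3):
    """Return {source: [finding, ...]} for sources showing either behaviour."""
    failures = defaultdict(int)   # consecutive failed logins per source
    findings = defaultdict(list)
    for line in log_text.splitlines():
        m = LOGIN.search(line)
        if m:
            outcome, user, src = m.groups()
            if outcome == "failed":
                failures[src] += 1
            else:
                # A success right after many failures suggests a guessed password.
                if failures[src] >= fail_threshold:
                    findings[src].append(
                        f"login as {user} after {failures[src]} failed attempts")
                failures[src] = 0
            continue
        m = SHELL.search(line)
        if m:
            src, cmd = m.groups()
            rm = RECURSIVE_RM.search(cmd)
            if rm:
                findings[src].append(f"recursive delete of {rm.group(1)}")
    return dict(findings)


if __name__ == "__main__":
    for source, items in analyze(SAMPLE_LOG).items():
        print(source, items)
```
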
Hacked IoT Devices Rampantly Used as Botnets
Hackers now seize control of IoT devices and build botnets out of them to carry out DDoS (Distributed Denial-of-Service) attacks. This has become rampant, and users don’t even know that the IoT devices they are using (cameras, routers, internet-attached storage systems, etc.) are infected. They wouldn’t even notice the impact on the performance of these devices. Only when malware like BrickerBot causes a device to stop working does a user realize that there is an issue. But with malware like Amnesia, you don’t even realize that there are vulnerabilities in your IoT device(s). According to reports, the number of devices (like digital video recorders) affected by the Amnesia malware, across countries like the US, India, Turkey, Israel and Taiwan, keeps increasing at a rather alarming rate.
So, what’s to be done?
- Check the manufacturer’s security track record when you buy IoT devices.
- Check whether the company has a dedicated point of contact for when website security issues occur.
- Check how the company handles vulnerabilities.
- Ascertain whether the company regularly releases security patches and supports its products for a long time.
- Check whether the devices you buy have automatic update features.
- Last but not least, use trusted security tools, including good endpoint security software.