are the Same.
Get 30 Years of Expertise Immediately.
Fill in the form below and we will get to work right away.
CPU respects your privacy. We will never sell, rent or share to ANYONE. You can trust us.
After months and months of headlines about malware – particularly ransomware – creating all kinds of problems for businesses and individuals alike, a new threat is stepping into the spotlight. Phlashing attacks aren’t like most other cyber threats. While most hackers target victims in order to get their hands on money or data, the cybercriminals behind the BrickerBot infection aren’t after either.
Phlashing attacks like the BrickerBot infection are being referred to as permanent denial of service (PDoS) attacks. Where a typical DoS attack renders services or devices temporarily unavailable, PDoS attacks cause irreparable damage. Targeting IoT (Internet of Things) devices specifically, plashing attacks “brick” infected devices. A “bricked” device is about as useful as the slab of rock it’s named after, and the victim has no choice but to go out and buy a new device.
This is a huge problem for businesses that rely on IoT devices since unlike other cyber attacks the effects can’t be reversed. If a critical device is targeted by a phlashing attack, it will stop working within seconds. Until the device can be replaced and configured to work with your infrastructure, you’ll have to go without a vital technology asset.
It’s the level of destruction involved that sets a BrickerBot infection apart from other cyber threats. There is no payoff for the hacker. Their only goal is to infect and brick an IoT device and then move on to the next target. It’s destruction for the sake of destruction, taking advantage of the fact that the IoT market has been quickly flooded with a wide range of devices with little thought given to adequate cyber security measures.
BrickerBot uses the same exploit vector as the Mirai worm, attempting to access systems remotely in order to gain admin credentials that can be used to hack a device. BrickerBot relies on a list of known default credentials, which means that changing those default credentials as soon as you put the device into service cuts off that access.
In addition to changing the default credentials, you should be changing the passwords associated with these devices regularly. An even better choice would be to implement multi-factor authentication, which adds an extra layer of security to your IoT devices. By requiring users to provide two forms of authentication in order to gain access to any password-secured device from another device, you’re throwing up a major roadblock for a potential hacker.
And of course, as with any device, your IoT devices are only as secure as the network they are connected to. Solid endpoint protection measures like firewalls can go a long way towards preventing these types of attacks in addition to keeping your important business data secure.
Published on 10th July 2017 by Jeanne DeWitt.