Wednesday, April 12, 2017

ICS-CERT Publishes BrickerBot Alert

Today the DHS ICS-CERT published a control system security alert about a new botnet attack that affects IoT devices. The attack bricks the affected devices, thus the name, BrickerBot. ICS-CERT identifies Radware as the initial source of the report on BrickerBot and provides a link to their BrickerBot report (originally published a week ago).

ICS-CERT provides the following summary of the two BrickerBot versions (BrickerBot 1 affects Ubiquiti devices and BrickerBot 2 affects Android devices):

• BrickerBot.1 targets devices running BusyBox with an exposed SSH command window and an older version of Dropbear SSH server. Most of these devices were also identified as Ubiquiti network devices, some of which are access points or bridges with beam directivity.
• BrickerBot.2 targets Linux-based devices which may or may not run BusyBox or use Dropbear SSH server. However, BrickerBot.2 can only access devices which expose a Telnet service protected by default or hard-coded passwords.
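For asset owners, the two profiles above translate into an inventory check. The following is an added example, not code from ICS-CERT or Radware: it parses SSH identification banners already collected from your own devices and flags records matching either profile. The inventory fields, host names and the `old_before` cutoff are assumptions, since the alert does not name a Dropbear version.

```python
import re

# RFC 4253 identification string: "SSH-<proto>-<software>"; Dropbear reports
# "dropbear_<major>.<minor>" (e.g. 0.52, 2014.63) as the software part.
DROPBEAR = re.compile(r"^SSH-[\d.]+-dropbear(?:_(\d+)\.(\d+))?")

def dropbear_version(banner):
    """Return (major, minor), () for Dropbear with no parsable version, else None."""
    m = DROPBEAR.match(banner.strip())
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2))) if m.group(1) else ()

def triage(device, old_before):
    """Findings for one inventory record. old_before is an operator-chosen
    cutoff (assumption: the alert does not name a Dropbear version)."""
    findings = []
    for svc in device["services"]:
        ver = dropbear_version(svc.get("banner", ""))
        if ver is not None and device["busybox"]:
            if ver == ():
                findings.append(("review", svc["port"], "Dropbear, version hidden"))
            elif ver < old_before:
                findings.append(("BrickerBot.1", svc["port"], "Dropbear %d.%d" % ver))
        if svc["proto"] == "telnet" and device["factory_credentials"]:
            findings.append(("BrickerBot.2", svc["port"], "Telnet, factory password"))
    return findings

def audit(inventory, old_before):
    """Map host -> findings, listing only hosts that match a profile."""
    report = {d["host"]: triage(d, old_before) for d in inventory}
    return {host: f for host, f in report.items() if f}

# Constructed inventory records (hypothetical hosts and field names).
INVENTORY = [
    {"host": "ap-roof-01", "busybox": True, "factory_credentials": False,
     "services": [{"port": 22, "proto": "ssh", "banner": "SSH-2.0-dropbear_0.51"}]},
    {"host": "cam-dock-07", "busybox": False, "factory_credentials": True,
     "services": [{"port": 23, "proto": "telnet", "banner": ""}]},
    {"host": "gw-lab-02", "busybox": True, "factory_credentials": False,
     "services": [{"port": 22, "proto": "ssh", "banner": "SSH-2.0-dropbear_2016.74"}]},
    {"host": "sw-yard-03", "busybox": True, "factory_credentials": False,
     "services": [{"port": 22, "proto": "ssh", "banner": "SSH-2.0-dropbear"}]},
]

if __name__ == "__main__":
    for host, findings in audit(INVENTORY, old_before=(2016, 0)).items():
        print(host, findings)
```

A banner that hides its version is reported for manual review, because it cannot be compared against the cutoff.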

ICS-CERT is working to identify affected devices and will work with vendors to see what equipment-specific measures (if any) will be used to mitigate this vulnerability.

