Today the DHS ICS-CERT published a control system security alert today
about a new botnet attack that affects IOT devices. The attack bricks the
affected devices, thus the name, BrickerBot. ICS-CERT identifies Radware as the
initial source of the report on BrickerBot and provides a
link to their BrickerBot report (originally published a week ago).
ICS-CERT provides the following summary of the two BrickerBot
versions (BrickerBot 1 affects Ubiquiti devices and BrickerBot 2 affects
Android devices):
• BrickerBot.1 targets devices
running BusyBox with an exposed SSH command window and an older version of
Dropbear SSH server. Most of these devices were also identified as Ubquiti
network devices, some of which are access points or bridges with beam directivity.
• BrickerBot.2 targets Linux-based devices which may
or may not run BusyBox or use Dropbear SSH server. However, Brickerbot.2 can
only access devices which expose a Telnet service protected by default or
hard-coded passwords.
ICS-CERT is working to identify affected devices and will
work with vendors to see what equipment specific mitigation measures (if any)
will be used to mitigate this vulnerability.
Posts
No comments:
Post a Comment