
There’s a new malware in town… and it’s called Brickerbot

Posted by Carolyn Devadawson on 18th April 2017

In September, Mirai effected one of the largest distributed denial-of-service (DDoS) attacks and managed to disrupt an array of the internet’s biggest websites, including Spotify, Twitter, and PayPal. Over 2.5 million internet of things (IoT) devices were attacked.

Mirai targets IoT devices with weak security, turns them into bots and ‘forces’ them to report to a central control server, making them perfectly prepped for a DDoS attack. But recently, another piece of malware has been discovered, also scanning for IoT devices with weak security. Only this time, it uses techniques to ‘brick’ them, hence the name Brickerbot.

Last month, Pascal Geenens, a researcher at cybersecurity company Radware, spotted Brickerbot cropping up in ‘honeypots’. These are systems set up to be easy prey for attacks while logging and tracing activity for analysis. Within the span of just four days, one of those honeypots logged almost 2,000 infection attempts by Brickerbot.

So what does Brickerbot do? Well, if you had an IoT device like a security camera, it would remotely log in to that camera and try to break it. Geenens calls these ‘permanent denial-of-service’ (PDoS) attacks. Similar to Mirai, Brickerbot targets routers, CCTV cameras, webcams and any other IoT devices, but it also attacks a much wider variety of storage devices including servers.

The main question here is: what is Brickerbot’s true intention? Is it on a clean-up mission to wipe out all IoT devices with weak security? Maybe its aim is to push consumers to take IoT security more seriously. Perhaps it was created just for fun. It’s unclear right now, but it will be interesting to see how Brickerbot develops further and, more importantly, what its true purpose really is.


Carolyn Devadawson