What is a phlashing attack?
Throughout the past year, our inboxes and RSS feeds have been flooded with news about malware and ransomware. But what about phlashing attacks?
Phlashing attacks have been designed by hackers with one sole purpose: to infect and permanently damage — or “brick” — a device. More specifically, phlashing attacks are targeting Internet of Things (IoT) connected devices to exploit known vulnerabilities in IoT device security and software.
Phlashing attacks have been dubbed permanent denial of service (PDoS) attacks because they act as a typical DoS attack but with permanent effects. According to Radware, more than 1,895 PDoS attempts have occurred in just the past four days. This alone is enough to cause worry for any MSP with their own IoT devices as well as customers with IoT devices in the workplace.
Introducing BrickerBot to the IoT Industry
While most malware infects IoT devices for a ransomware-like outcome, BrickerBot has entered the IoT scene aiming solely for destruction. And it’s destruction that has no benefit to anyone, including the hacker. Once BrickerBot’s malware infects a Linux-based IoT device, the owner is left with no choice but to purchase an entirely new device.
On the hacker’s end, their work is complete, and they move on to the next device without receiving any incentive like a Bitcoin ransoms paid out as a result of common ransomware attacks.
According to IT News, BrickerBot uses the same exploit vector as the damaging Mirai worm and attempts to access systems remotely to gain admin credentials to hack a device. BrickerBot uses a list of known default credentials used for various IoT devices, and if a device owner fails to follow security best practices and immediately change their default login credentials, BrickerBot can gain access to the device.
As Bleeping Computer explains, a “bricked” IoT device will stop working within seconds of getting hacked, resulting in what is known today as a phlashing attack.
Preventing IoT Malware
The top reason malicious hackers attack IoT devices is simple: because they can. IoT devices entered the industry fast — ranging from cars and coffee pots to refrigerators and alarm clocks — with little to no thought about the need for cybersecurity.
To avoid a PDoS attack that will disable all the Internet access and connected functionalities of a device, there are a few steps MSPs can take to better secure their SMB customers’ devices. To start, make sure employees and SMBs are changing devices’ factory default credentials right away. Change passwords regularly, and make sure they’re secure and not stored on a Post-it note around the office.
One of the strongest defenses against an attack like this is multi-factor authentication. This security feature requires users to provide two forms of authentication to access any password-secure device from another device.
Enable multi-factor authentication on IoT devices to ensure they require a second device to be authenticated with a secure password. Without the second device being authenticated, the device is useless to a hacker.
Finally, devices are only as secure as the network their connected to. Ensure your SMBs have the best firewalls and backup solutions in place to protect the network, prevent attacks, and enable recovery if an attack does happen.