Internet of Things (IoT) and the Industrial version (IIot) are kind of like the wild west at the moment.
People and businesses are deploying IoT and IIoT devices at an incredible rate. Estimates are that there will be tens of billions of them deployed over the next few years.
But that doesn’t help the security problem.
So a couple of European teenagers decided to help get the message out. Maybe not in the best way to do that.
One using two aliases ‘Light The Leafon’ and ‘Light The Sylveon’. and two other members, ‘Alx’ and ‘Skiddy’, developed malware that looks for IoT devices that still have the default passwords.
The malware is based on the incredibly effective Mirai malware that infected millions of devices a few years ago, but this malware works differently. This is about as simple as malware gets.
If it can get into the device, it runs scripts that delete the device configuration files, flash memory and then run more commands. Finally, it reboots the device, effectively turning it into a very expensive brick.
They said they did this so that other hackers could not take over the device and turn it into a botnet.
Theoretically, the devices could be restored if you had the ability to reflash its memory, but for many devices, that is not technically possible in the field and even if it is, MAYBE 1 in 10,000 users MIGHT have the skills to do that.
The hackers, after proving their point, turned off the malware’s control server, but any device that had already been infected was still dead or dying.
The good news is that this is relatively simple to deal with. Not all IoT/IIoT malware is, but this one is.
Take basic security precautions. Change passwords. Install patches. Put IoT and IIoT devices behind firewalls. Train your users.
This particular malware did limited damage – unless your device was one that was destroyed – but the next one – maybe not so much, so prepare now or you could be the next victim.
Source: The Bleeping Computer.