Who wants to kill thousands of Internet of Things devices?
A permanent attack, dubbed PDoS, hints at a price war among IoT hackers.
Security experts are puzzling over the motivation behind a new threat that can permanently damage IoT devices.
The devices have been a target before because they are often poorly secured with old versions of Linux and default passwords. Botnets built using IoT devices infected by the Mirai malware were blamed for attacks that brought down several websites last year.
Researchers have been monitoring the progress of a new form of attack – permanent denial-of-service (PDoS) – that targets IoT devices with the aim of damaging them beyond repair.
They’re a step beyond DDoS attacks. “If you DDoS a service it recovers straight away after the attack, but with PDoS it’s more permanent – stop the attack and it’s still broken,” explained Pascal Geenens, a security researcher at anti-DDoS company Radware. “People need to come in and intervene and make repairs, so rather than being able to build a botnet the device is effectively knocked offline.”
Considering the effort that goes into developing an attack, the question is what motivates the attackers, whose activity was discovered by researchers using honeytrap machines to look for DDoS malware. “There are several theories behind it,” said Geenens. “One is that it could be a vigilante who’s said ‘okay, I’ve had enough of this danger, so let’s destroy all these devices that are still vulnerable and whoever left those devices in a vulnerable state with out-of-date firmware or old passwords should be accountable for this’.”
Another theory is that it’s a turf war. With vulnerable machines easy to find – often outside the normal firewalled architecture that blocks inbound ports – hackers don’t need to invest time and money phishing or getting malware onto Windows machines to build a botnet. “Prices have been down for a few months, since Mirai,” Geenens said. “It can cost as little as $2 to perform an attack of five minutes for 100Gbits/sec with a thousand bots, and that’s because it’s so easy to compromise IoT and build a bot.
“It could be someone who has been in business for longer and had a Windows botnet, and he sees the prices and his margins eroded by these botnets. He wants to attack them and close them down.”