Just when you thought you knew all there was to know about today’s cyber-threats and how to protect your network from them, there’s a new predator in town. It’s called phlashing and these attacks have one clear purpose – to “brick” connected devices like smartphones, rendering them inoperable immediately.
What’s different about these attacks is that unlike ransomware attacks there is no request for a payment, nor is there any attempt to access the device to steal personal data, which is usually the case with malware.
Instead the point is to permanently damage or “brick” a device, leaving the owner no choice but to buy a new one. Once that outcome has been achieved, the hacker simply moves on to the next target.
What is Phlashing?
TechTarget defines phlashing as a permanent denial-of-service (PDoS) attack that exploits a vulnerability in network-based firmware updates. Malware is installed that infects – and bricks – the device. It’s permanent because once a device has been attacked and successfully bricked, it is completely useless.
So yes...“bricking” a device is exactly what it sounds like – it becomes no more useful than a brick…albeit a potentially expensive one. A bricked device will not turn on, will not function normally, and cannot be fixed. It generally means that a device is not recoverable, at least via normal means.
Phlashing attacks are targeting Linux-based Internet of Things (IoT) connected devices, exploiting known vulnerabilities in their security and software. Once inside, phlashing malware will remove the storage and cut off Internet access, which effectively kills the device.
The Rise of Phlashing Attacks
Phlashing was discovered back in 2008, but at that time there was some healthy debate about whether or not it was a realistic type of attack. Because there is no incentive for the hacker, there was a question about the practical application of an attack that isn’t profit-driven like ransomware.
Recent events, though, have confirmed that phlashing is not just real, it’s trending. According to Radware, nearly 2,000 PDoS attacks resulting from malware known as BrickerBot were recorded over just a 4-day period earlier this month. And BrickerBot 2.0 was quietly released on the same date.
It appears that the hackers behind BrickerBot are doing this simply because they can.
BrickerBot is attacking unsecured devices whose default username and password have not been changed to something more secure. Compromising such a device is unfortunately pretty easy, as it only requires remote access to the device. And many IoT devices are connected to the Internet via routers that have equally insecure credentials.
Protecting Your Devices From Phlashing
Phlashing is largely the result of a perfect storm of events – the dramatic rise of the Internet of Things (IoT), and the limited thought around the security of IoT connected devices. And of course, the hackers who are disrupting the IoT just to show that they can.
There are some things that you can – and should – do to protect against IoT malware. These include:
- Change the factory default credentials (username and password) on all connected devices, including wireless routers, light switches, coffee pots, alarm clocks, etc. If it's connected to your network, it needs to be secure.
- Follow best practices for the new password – make sure it’s complex, at least 12 characters in length, and contains a combination of lower and uppercase letters, numbers and symbols, and update it regularly.
- Strengthen your network – your devices are only as secure as the network they are connected to, so make sure you have firewalls and backup solutions in place to both prevent attacks and enable recovery should an attack occur.
- Enable two-factor authentication wherever possible - this requires a second device to be authenticated with a secure password or code.
- Lock down or disable Telnet access, the feature that enables remote access. If your connected devices are managed by a 3rd party and this access can’t be turned off, confirm with your provider that it is secure.
- Keep all devices up to date with security patches and firmware updates.
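To put the checklist above into practice, here is an added example (not from the original article) that audits an inventory of your own devices for the two conditions BrickerBot relies on, unchanged default credentials and reachable Telnet, and checks a candidate password against the complexity rules listed. The inventory format, field names and addresses are assumptions made for illustration.

```python
import socket
import string

MIN_LENGTH = 12  # minimum password length from the checklist above

def password_policy_gaps(password):
    """Return the checklist requirements a candidate password fails."""
    checks = [
        (len(password) >= MIN_LENGTH, "shorter than 12 characters"),
        (any(c.islower() for c in password), "no lowercase letter"),
        (any(c.isupper() for c in password), "no uppercase letter"),
        (any(c.isdigit() for c in password), "no number"),
        (any(c in string.punctuation for c in password), "no symbol"),
    ]
    return [gap for ok, gap in checks if not ok]

def telnet_reachable(host, port=23, timeout=1.0):
    """True if the device accepts a TCP connection on its Telnet port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable: treated as closed
        return False

def audit(inventory, probe=telnet_reachable):
    """Map device name -> list of checklist items it still fails."""
    findings = {}
    for dev in inventory:
        issues = []
        if not dev["default_creds_changed"]:
            issues.append("factory default credentials not changed")
        if probe(dev["host"]):
            issues.append("Telnet reachable")
        if issues:
            findings[dev["name"]] = issues
    return findings

# Constructed inventory of devices you own (RFC 5737 documentation addresses).
INVENTORY = [
    {"name": "router", "host": "192.0.2.1", "default_creds_changed": True},
    {"name": "camera", "host": "192.0.2.20", "default_creds_changed": False},
]

if __name__ == "__main__":
    for name, issues in audit(INVENTORY).items():
        print(f"{name}: {'; '.join(issues)}")
    print(password_policy_gaps("admin"))
```

Replace the constructed inventory with the devices on your own network; any device that appears in the findings still needs attention under the checklist.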
Stop Trying to Manage Network Security On Your Own
Today it's the rise of phlashing, tomorrow it will be a new and more sophisticated form of ransomware, and then something else the day after that.
Unfortunately for business leaders today, the cyber-criminals are smart and very often one step ahead. And that makes keeping up with cybersecurity that much tougher, particularly when you have a business to run.
But instead of worrying about these risks and trying to stay educated and protected on your own, you can partner with a managed IT service provider - like us! - to run your network security for you. Managed Security is a specialized area that requires full-time attention and expertise. And it's a key component of our Managed IT Services plans.
Partnering with a team that is dedicated to this discipline all day every day is the best way to ensure that you are getting the best cybersecurity services possible.