ForgeRock Blog

Avoid the Nefarious Mirai Worm, the Vigilante Brickerbot, and Properly Protect Your IoT Devices.

For those who grew up with comic books, vigilante characters like Batman and The Punisher frequently tackled the interesting moral discussion around following the law versus protecting the innocent from evil (or incompetence) at any cost. It’s the first thought I had as I read about Brickerbot and its arch nemesis, the Mirai Worm.

Secure IoT devices using ForgeRock’s identity and access management solutions.

It’s well known that there are many unsecured IoT devices out there, and we’re seeing a seemingly unstoppable series of worms that are targeting these IoT devices that have no (or no good) security. In most cases, devices like webcams, remote speakers, or networked lighting arrays get shipped with factory default administrative passwords. Unless the customer / user resets those passwords, the devices are completely vulnerable to attack.

Currently the Mirai Worm is considered the leading supervillain of the malware set. It’s gone as far as to knock key Internet stalwarts–such as Twitter and Spotify–offline through one of the largest DDoS attacks in history. This was all made possible through the infection of cameras, PVRs, and other unsecured IoT devices.

Enter Brickerbot. Brickerbot is a mutating vigilante botnet that’s also infecting unsecured IoT devices. However, instead of using it to further a malicious cause, it’s taking these devices offline (sometimes permanently) to deny worms like Mirai the platform they need to continue their nefarious attacks on Internet infrastructure.

While there are many that are grateful these attacks are slowing, it’s coming at the cost of permanently disabled IoT devices. Not nice for the unsuspecting citizen hoping to catch up on the latest episodes of Modern Family.

Of course we here at ForgeRock are avid believers in fully secured IoT devices (you can read more about our offerings here). By providing secure identity and access management to each device, manufacturers can avoid having their devices “bricked” via a remote botnet, whether it’s intentions are honorable or not.

In fact our latest product, ForgeRock Edge Security, is designed to protect IoT devices from chip to cloud. What exactly do we mean by chip to cloud? Our approach at ForgeRock is that in order to ensure the integrity of the entire system, it’s crucial to securely establish and maintain the full lifecycle of IoT devices themselves, and the data they generate. These identities and their associated credentials must be trusted and useable across numerous connected ecosystems, between different devices, from devices to humans, and from devices to all varieties of cloud services. The data from these devices must be kept confidential and secure, and the system needs to be able to verify where it came from and control what systems can access it. Learn more about our Edge Security offering here.

And if you’re a device manufacturer, systems architect, or any kind of IoT developer, you should consider signing up for our early access program. We’re partnering with IoT companies like ARM, Dell, and Trustonic to create chip-to-cloud security solutions, and we’re always looking for new partners to join the effort.

For those who want more info on Brickerbot, Ars Technica unsurprisingly has a thorough overview. There’s also a newly emerging worm on the scene – Hajime – which first surfaced in late 2016. I’ll take a deeper dive on Hajime in a future post.