What Is a Permanent DoS (PDoS) Attack?

Permanent dos hacker

A Permanent Denial of Service attack, or a PDoS attack, is denial of service via hardware sabotage. One method of conducting a PDoS attack is commonly referred to as phlashing. During such an attack, an attacker bricks a device or destroys firmware, rendering the device or an entire system useless. In this scenario, the victim has no other choice than to repair the device or buy a new one to restore operations. PDoS attacks have been a known possibility for several years, but these tactics haven’t yet gained traction with hackers. Our partner Radware, a leading cybersecurity firm, predicts in their 2017 Global Application & Network Security Report that this type of attack will be on the rise this year.

How It Works

PDoS attacks can be carried out by uploading a corrupted BIOS to a device, or via remote administration of the management interface in general. One method is to exploit vulnerabilities to replace a device’s basic software with a corrupt firmware image. This method is what is known as phlashing.

PDoS attacks are also conducted physically. For instance, an article on Help Net Security featured a USB stick referred to as USB Killer 2.0. This malicious tool can be plugged into any device that has a USB host interface, including routers, servers and modems. The USB stick uses a voltage converter to charge the device’s capacitors to 220V and releases a negative electric surge into the USB port. These surges continue until the device can no longer draw power, and certain components must be replaced before the device can be operable again. There is a growing concern in the industry about the ability to use malware and bots to remotely overheat devices, damaging them and even setting them on fire.

An attacker could potentially cost a company millions by carrying out a PDoS attack to crash a few routers or servers, making their services unavailable until those devices could be repaired or replaced.

Why Now?

Experts have argued that PDoS attacks won’t become common because they wouldn’t be as lucrative for cyber criminals as other types of attacks. The attacks are irreversible, and so attackers could not demand a sum of money to stop the attack. The only way to make money would be to threaten a PDoS attack in the hopes an individual or organization would pay up to prevent it.

However, the recent global Petya attack proves that hackers can be motivated to conduct widespread attacks solely for the purpose of wreaking havoc, not for financial gain. Experts determined the Petya virus to be a wiper and not true ransomware. Victims were unable to get their files back, whether they paid the ransom or not. Experts say the ransom demand was likely a distraction to help cover the attackers.

Another reason to implement PDoS attacks is they could save attackers time and resources compared to the more common DDoS attacks. During a DDoS attack, attackers must continue to engage for as long as they want the attack to persist.

Lastly, the sheer number of devices connected to the Internet of Things provides more opportunity for these types of attacks with greater financial consequences. Gartner, Inc. forecasts 8.4 billion devices will be connected by the end of 2017 and predicts 20.4 billion devices to be connected by 2020.

How to Minimize the Risk of a PDoS Attack

Assess your organization’s risk for PDoS attacks and keep your devices patched and upgraded. Rich Smith, head of research at HP Systems Security Lab, told Dark Reading there is no magic bullet to prevent these attacks, but companies should ensure flash update mechanisms have authentication so that only authorized administrators can perform updates. To help prevent physical attacks, make sure your organization’s infrastructure is protected with 24×7 security. Follow best practices to secure your network, and ensure network protection devices are up to date to recognize the latest threats.

Need some help assessing your physical security or network security? Contact us for a free consultation.