What is a PDoS attack?
A PDoS attack is a particular kind of denial-of-service cyberattack that prevents users from accessing services. Unlike a DDoS attack, which only floods a target with excessive internet traffic, a PDoS can do actual damage to the hardware, requiring replacement or reinstallation. This process is also called “bricking,” since the device becomes as useless as a brick.
Such an attack often targets IoT (Internet of Things) devices — smart gadgets that are connected to the internet. One example was the BrickerBot virus, which exploited security flaws in IoT devices, logged in, and disabled them.
Unfortunately, a PDoS attack allows a hacker to do damage really quickly and without much effort, and that’s why it is extremely dangerous. However, the fact that the damage is irreversible makes PDoS attacks not that lucrative to attackers, unlike other threats such as ransomware.
How does a PDoS attack work?
Most PDoS attacks work using a method called “phlashing,” which consists of replacing firmware (the very basic software of any device) with corrupted firmware images. And without properly functioning firmware, a device becomes completely unusable.
It’s worth mentioning that “phlashing” is the malicious counterpart of a legitimate process called “flashing,” which usually just means updating the firmware. To gain access to a device and send the malicious code, a hacker needs to find some kind of network security flaw or system vulnerability.
However, a phlashing attack can also be done physically. For example, a hacker might break into an office to upload the malware directly to the victim’s hardware. Alternatively, the attack can be distributed by unsuspecting users via infected gadgets such as USB devices.
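Because phlashing works by replacing firmware with a corrupted image, one defensive check is to refuse to flash any image whose digest is not in a known-good list. The following is an added example, not code from the original article; the file name, the sample images, and the sha256sum-style manifest are constructed for illustration.

```python
import hashlib
import hmac
import io

# Constructed sample data: a stand-in "vendor" image and a copy with one byte changed.
GOOD_IMAGE = b"FWHDR\x01\x00" + bytes(range(256)) * 4
TAMPERED_IMAGE = GOOD_IMAGE[:100] + b"\xff" + GOOD_IMAGE[101:]

def sha256_stream(stream, chunk_size=65536):
    """Hash a file-like object in chunks so large images need not fit in RAM."""
    digest = hashlib.sha256()
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()

def parse_manifest(text):
    """Parse sha256sum-style lines ('<hex digest>  <file name>') into a dict."""
    known = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 64:
            raise ValueError(f"malformed manifest line: {line!r}")
        bytes.fromhex(parts[0])  # raises ValueError if the digest is not hex
        known[parts[1].lstrip("*")] = parts[0].lower()
    return known

def safe_to_flash(name, stream, manifest):
    """Return True only if the image's digest matches the manifest entry for name."""
    expected = manifest.get(name)
    if expected is None:
        return False  # unknown image: fail closed rather than flash it
    return hmac.compare_digest(sha256_stream(stream), expected)

# Constructed manifest, standing in for digests published by the device vendor.
MANIFEST = parse_manifest(
    "# known-good firmware digests (constructed)\n"
    f"{hashlib.sha256(GOOD_IMAGE).hexdigest()}  router-fw-1.0.bin\n"
)

if __name__ == "__main__":
    for label, image in (("vendor image", GOOD_IMAGE), ("tampered image", TAMPERED_IMAGE)):
        ok = safe_to_flash("router-fw-1.0.bin", io.BytesIO(image), MANIFEST)
        print(f"{label}: {'flash allowed' if ok else 'flash refused'}")
```

A digest check like this only helps if the manifest itself is obtained over a channel the attacker cannot modify.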
What makes a PDoS attack risky?
Permanent denial-of-service attacks are becoming more of a risk every day with the rising popularity of the Internet of Things. The more devices connected to the internet, the more opportunities there are for hackers to cause damaging phlashing attacks remotely. This is especially dangerous to organizations that heavily rely on hardware for their daily operations and data storage.
Even though the attacker doesn’t receive any financial gain from a permanent denial-of-service attack, it doesn’t mean that these attacks can’t be lucrative. The mere thought of having to reinstall all the hardware (and getting all the data wiped) makes victims, especially businesses, pay up to prevent the attack.
Unfortunately, hackers often spread viruses just to wreak havoc, meaning that even personal computers and computing devices aren’t safe from a PDoS attack. It doesn’t help that these attacks are comparatively easy to implement, causing instant damage to the victim (and instant gratification to the hacker).
What are the symptoms of a PDoS attack?
If carried out successfully, a PDoS attack can simply crash the targeted device or a set of devices. However, there may be other symptoms, too. For example, if your computer drive’s firmware gets corrupted, the drive might not initialize or run properly.
Other general symptoms of denial-of-service attacks can include:
- Your PC is running slow.
- Difficulty opening files.
- Inability to access websites.
- Disconnection from the internet.
In many cases, an encounter with PDoS means that your devices may require a complete hardware reinstallation, so it’s extremely important to prevent this from happening in the first place.
How to prevent a PDoS attack
There’s no single method to prevent a PDoS attack from happening. Luckily, there are some general cyber hygiene habits that can protect you and your company from all sorts of threats, PDoS included:
- Regularly update your devices. We cannot stress enough the importance of updating software. This action fixes the existing vulnerabilities, patches security flaws, and improves functionality.
- Regularly update your antivirus software. New types of viruses emerge every single day, so it’s essential that you keep your antimalware tool up to date. It’s best to enable automatic updates in case you tend to forget to do it manually.
- Adhere to strict company rules. Keep track of who has access to your company’s offices. Make sure that all the company devices are up to date. Also, advise your employees not to use personal devices (like USB sticks) with your computers.