The new malware Silex specifically attacks IoT devices that are secured only with default passwords. After gaining access, it disables the devices.
Silex deletes the firmware on infiltrated IoT devices and is thus reminiscent of the BrickerBot malware, which destroyed millions of devices in 2017. When the Silex malware was first discovered by an expert at Akamai on June 25, 2019, it had infected only a few hundred devices. Just one hour later, thousands of devices were infected.
Silex continues to attack
The Silex attacks are ongoing. The news magazine ZDNET was able to locate the author of the malware. In collaboration with Larry Cashdollar of Akamai, they arranged an interview with the 14-year-old author of Silex, who is active in the scene only under the pseudonym “Light Leafon”.
According to him, the attacks will increase considerably in the next few days!
According to Larry Cashdollar (Akamai), who also discovered the malware, Silex overwrites the drives and partitions of an attacked device with random data. Silex also removes all firewall rules and network configuration. Silex then triggers a device restart – making the device useless.
The malware is as destructive as possible without actually destroying the circuits of the IoT device. In order to recover and reuse devices, owners of affected devices would have to manually reinstall the firmware, a task that is too complicated for the majority of owners.
It is to be expected that many owners of affected devices will throw them away in the belief that the hardware is defective – without knowing that they are “only” affected by malware.
Later in ZDNET’s interview with Light Leafon, he said he plans to further develop the malware and add even more destructive features.
“It will be reworked to have the original BrickerBot functionality.”
Among other things, he plans to add the ability to log on to devices via SSH in addition to the current telnet hijacking function. Light Leafon also plans to integrate exploits into Silex so that the malware can use vulnerabilities to penetrate devices, similar to how most IoT botnets work today.
“My friend Skiddy and I will rework the whole bot,” Light said in the interview. “It will target every single publicly known exploit that Mirai or Qbot are already exploiting.”
Protecting your IoT devices against Silex and similar threats is actually very easy. Do not keep default passwords: change at least the administrator and guest account passwords on the device immediately after commissioning a new device. If you also deactivate unused protocols and functions, you not only save power but also gain additional security.
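The advice above can be checked against your own device inventory. The following is an added example, not part of the original article: it tests whether the login services the article names (telnet today, SSH as the announced addition) are reachable on each device and separates unused services from ones that need a password review. The inventory entries, addresses and function names are constructed for illustration.

```python
import socket
from concurrent.futures import ThreadPoolExecutor

# Login services named in the article: telnet is the current entry point,
# SSH is the announced addition.
LOGIN_SERVICES = {"telnet": 23, "ssh": 22}

def port_open(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port succeeds in time."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, unreachable or timed out
        return False

def audit_device(device, timeout=1.0):
    """Audit one inventory entry (hypothetical schema):
    name, host, needs (services the owner really uses), optional ports
    (overrides for devices that listen on non-standard ports)."""
    ports = {**LOGIN_SERVICES, **device.get("ports", {})}
    findings = []
    for service, port in ports.items():
        if not port_open(device["host"], port, timeout):
            continue
        if service in device.get("needs", ()):
            advice = "in use: confirm the default password was changed"
        else:
            advice = "unused: disable the service"
        findings.append((service, port, advice))
    return findings

def audit_inventory(devices, timeout=1.0):
    """Audit all devices in parallel; returns {name: findings}."""
    with ThreadPoolExecutor(max_workers=16) as pool:
        results = list(pool.map(lambda d: audit_device(d, timeout), devices))
    return {d["name"]: r for d, r in zip(devices, results)}

if __name__ == "__main__":
    # Constructed inventory using documentation-range addresses.
    inventory = [
        {"name": "camera-hall", "host": "192.0.2.10", "needs": set()},
        {"name": "router-lab", "host": "192.0.2.1", "needs": {"ssh"}},
    ]
    for name, findings in audit_inventory(inventory).items():
        if not findings:
            print(f"{name}: no login service reachable")
        for service, port, advice in findings:
            print(f"{name}: {service} open on {port} -> {advice}")
```

A reachable port only shows exposure; whether the factory password is still set has to be verified on the device itself.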