Silex Malware Bricks IoT Devices with Weak Passwords
On June 25, security researchers noticed a new Internet of Things (IoT) malware called Silex (detected by Trend Micro as BACKDOOR.LINUX.SILEXBOT.A) quickly spreading and wiping devices’ firmware. The malware, which only operated for a day or so, has already managed to brick thousands of IoT devices. The malware’s command and control server was down at the time of writing so it's unable to infect new victims, but the malware is still running on infected machines.
This is a particularly destructive malware, requiring a complete firmware reinstallation to restore the infected device. According to researcher Larry Cashdollar, the malware will enter the victim’s system using known default credentials — the standard user name and password that an IoT device comes shipped with. Cashdollar noted that the binary he captured targets ARM devices. He also saw a version that targets Unix-like operating systems. This means Silex will also affect Linux servers if they’re using default credentials.
It will brick the device by first trashing the storage. It then drops firewall rules, deletes the network configuration, and then finally stops the device entirely. Victims of Silex will likely assume hardware failure, not that they have been infected by malware.
The goal of Silex is not monetary gain — when the malware runs, there is a note from the author saying that the device is only being bricked to prevent it from being used maliciously by other hackers. This is similar to the reasoning behind the BrickerBot malware that hit millions of devices in 2017.
According to security researcher Ankit Anubhav, Silex was created by three teenagers from an unspecified European country. The main member of the team goes by the aliases "Light The Leafon" and "Light The Sylveon"; the other two are "Skiddy" and "Alx." Despite his young age, Light The Leafon created Silex and HITO, a bot based on the IoT malware Mirai.
The hacker was planning to incorporate exploits into Silex, giving it the ability to use vulnerabilities to break into devices. But in a later statement to Anubhav, Light said that he is leaving the IoT community because of the attention he was getting.
Solutions and recommendations
As more IoT devices are used in enterprises and at home, securing them is becoming increasingly important. Make sure you are familiar with your device, and set it up to be as secure as possible, starting with changing the default password.