Silex IoT Malware Operator Bricks Devices and Plans Future Attacks
CYBER NEWS

Silex IoT Malware Operator Bricks Devices and Plans Future Attacks

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

Silex is a new strain of very dangerous IoT malware that was just detected by security researchers. The malware is similar to BrickerBot which attacked more than 60,000 Internet devices in several states in India.

Related: BrickerBot Malware Attack Crippled Over 60 000 Devices in India

Silex IoT Malware: What we know so far

Silex is quite destructive, and it is capable of literally destroying targeted devices. The malware was first spotted by Akamai researcher Larry Cashdollar, who says that it can trash an IoT device’s storage, drop firewall rules, remove the network configuration, and halt the device altogether. It should be noted that the IP address ,185[.]162[.]235[.]56, linked to the attacks is hosted on a VPS server owned by novinvps.com, which is operated out of Iran.

The only way for victims to recover from the attack is to manually reinstall the firmware which is not an easy task for the average consumer. That is why researchers expect that victims of Silex would probably throw away their compromised devices thinking that the devices had some kind of a hardware problem when they were attacked by Silex.

Apparently, the malware has bricked more than 2,000 devices in just a few hours. Researchers are continuing to observe new infections.




In an interview with the malware’s creator, ZDNet obtained information that the Silex attacks are going to become more frequent in the upcoming days. The number of bricked devices quickly jumped from 350 to 2000.“Attacks are still ongoing, and according to an interview with the malware’s creator, they are about to intensify in the coming days,” ZDNet said.

Related: A Multitude of Freertos Security Bugs Allow Hackers to Abuse Iot Devices

Another researcher, Ankit Anubhav was successfully traced Silex’s creator to confirm that the malware was specifically designed to brick the compromised IoT devices. It is curious to note that Anubhav thinks that the malware was developed by a teenager using the nickname Light Leafon who allegedly developed another IoT botnet known as ITO.

As for Akamai’s Cashdollar, he believes that the malware is using a list of known default credentials in the attempt to log in and carry out its malicious activities. Silex writes random data from /dev/random to any mounted storage it finds. “I see in the binary it’s calling fdisk -l which will list all disk partitions. It then writes random data from /dev/random to any partitions it discovers,” Cashdollar explained.

Its malicious capabilities include deleting network settings and other data found on the device, and then flushing all iptables entries before halting or rebooting the device. What is worse is that Silex may also be capable of bricking Linux servers with Telnet ports open and with known credentials in place. The motivation behind the attacks remains unknown.

Avatar

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...