As We Warned, Iran Strikes Back with new Silex Malware Bricking IoT Devices (Updated)

Larry Cashdollar, Senior Security Response Engineer II at Akamai Technologies, has identified over 300 vulnerabilities in software, and the latest, named Silex, is focused on bricking IoT devices.

It’s trashing the storage, dropping the iptables rules, removing the network configuration and then halting the device.

Larry Cashdollar

The news broke earlier today that bricker bot silexbot is on the move again.

The malware had bricked around 350 devices when this reporter began investigating its operations, and the number quickly spiked to 2,000 wiped devices by the time we published, an hour later.

Catalin Cimpanu ZDNet

“It’s targeting any Unix-like system with default login credentials,” Cashdollar told ZDNet. So far, it seems to be targeting IoT devices.

This also means Silex will trash Linux servers if they have Telnet ports open and if they’re secured with poor or widely-used credentials.

“It appears the IP address that targeted my honeypot is hosted on a VPS server owned by novinvps.com, which is operated out of Iran,” Cashdollar said when we inquired about the source of these attacks.

At the time of writing, the IP address has already been added to the URLhaus blacklist, after being reported by IoT malware researcher Rohit Bansal.

We warned last weekend that this attack was likely coming. This is likely part of a bigger threat. This is not a tremendously sophisticated attack, but bricking devices is the ultimate act of animosity. The perpetrator gains nothing other than inflicting pain and suffering on the victim.

We reached out to agentless multi-factor authentication provider Silverfort for comment.

Dana Tamir, VP, Market Strategy, had this to say: “The default credentials to IoT devices should always be replaced and sensitive IoT devices should be protected by requiring a second authentication factor. Until today, enterprises looking to layer multi-factor authentication (MFA) on IoT devices struggled to find solutions, but a new generation of agentless MFA solutions now enables seamless protection for these devices.

Adding a requirement for a secondary authentication factor is an effective measure to block unauthorized logins, and prevents hackers from accessing and destroying the devices.”