{"id":13117,"date":"2019-06-25T21:29:28","date_gmt":"2019-06-25T21:29:28","guid":{"rendered":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/?p=13117"},"modified":"2022-10-14T18:28:42","modified_gmt":"2022-10-14T22:28:42","slug":"as-we-warned-iran-strikes-back-with-new-silex-malware-bricking-iot-devices","status":"publish","type":"post","link":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/security\/as-we-warned-iran-strikes-back-with-new-silex-malware-bricking-iot-devices.html","title":{"rendered":"As We Warned, Iran Strikes Back with new Silex Malware Bricking IoT Devices (Updated)"},"content":{"rendered":"\n<p>Larry Cashdollar, Senior Security Response Engineer II at Akamai Technologies, has <a href=\"https:\/\/www.linkedin.com\/in\/larry-cashdollar-0043a22\/\">identified<\/a> over 300 vulnerabilities in software, and the latest, named Silex, is focused on bricking IoT devices.<\/p>\n\n\n\n<figure class=\"wp-block-embed-twitter wp-block-embed is-type-rich is-provider-twitter\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\"><p lang=\"en\" dir=\"ltr\">It&#39;s trashing the storage, dropping the iptables rules, removing the network configuration and then halting the device. <a href=\"https:\/\/t.co\/Ue661ku0fy\">pic.twitter.com\/Ue661ku0fy<\/a><\/p>&mdash; Larry W. Cashdollar (@_larry0) <a href=\"https:\/\/twitter.com\/_larry0\/status\/1143532888538984448?ref_src=twsrc%5Etfw\">June 25, 2019<\/a><\/blockquote><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div><\/figure>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>It&#8217;s trashing the storage, dropping the iptables rules, removing the network configuration and then halting the device. 
<\/p><cite>Larry Cashdollar<\/cite><\/blockquote>\n\n\n\n<p>The news broke earlier today that bricker bot silexbot is on the move again.<\/p>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-embed-twitter wp-block-embed is-type-rich is-provider-twitter\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\"><p lang=\"en\" dir=\"ltr\">It seems a bricker bot (silexbot) is on the move again. <a href=\"https:\/\/t.co\/tCScT8z2rK\">pic.twitter.com\/tCScT8z2rK<\/a><\/p>&mdash; Larry W. Cashdollar (@_larry0) <a href=\"https:\/\/twitter.com\/_larry0\/status\/1143532164983808001?ref_src=twsrc%5Etfw\">June 25, 2019<\/a><\/blockquote><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div><\/figure>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>The malware had <a href=\"https:\/\/www.zdnet.com\/article\/new-silex-malware-is-bricking-iot-devices-has-scary-plans\/\">bricked <\/a>around 350 devices when this reporter began investigating its operations, and the number quickly spiked to 2,000 wiped devices by the time we published, an hour later. <\/p><cite> <a href=\"https:\/\/www.zdnet.com\/meet-the-team\/us\/catalin.cimpanu\/\">Catalin Cimpanu<\/a> ZDNet<\/cite><\/blockquote>\n\n\n\n<p> &#8220;It&#8217;s targeting any Unix-like system with default login credentials,&#8221; Cashdollar told ZDNet. 
So far, it seems to be targeting IoT devices.<\/p>\n\n\n\n<p>This also means Silex will trash Linux servers if they have Telnet ports open and if they&#8217;re secured with poor or widely used credentials.<\/p>\n\n\n\n<p>&#8220;It appears the IP address that targeted my honeypot is hosted on a VPS server owned by novinvps.com, which is operated out of Iran,&#8221; Cashdollar said when we inquired about the source of these attacks.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"alignright\"><img loading=\"lazy\" decoding=\"async\" width=\"408\" height=\"408\" src=\"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-content\/uploads\/2019\/06\/Dana-Tamir.jpg\" alt=\"\" class=\"wp-image-13139\" srcset=\"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-content\/uploads\/2019\/06\/Dana-Tamir.jpg 408w, https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-content\/uploads\/2019\/06\/Dana-Tamir-90x90.jpg 90w, https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-content\/uploads\/2019\/06\/Dana-Tamir-300x300.jpg 300w\" sizes=\"(max-width: 408px) 100vw, 408px\" \/><figcaption> Dana Tamir, VP, Market Strategy <a href=\"http:\/\/www.silverfort.io\/\">Silverfort<\/a><\/figcaption><\/figure><\/div>\n\n\n\n<p>At the time of writing,\u00a0<a rel=\"noreferrer noopener\" href=\"https:\/\/urlhaus.abuse.ch\/url\/211818\/\" target=\"_blank\">the IP address<\/a>\u00a0has already been added to the URLhaus blacklist, after being reported by IoT malware researcher\u00a0<a rel=\"noreferrer noopener\" href=\"https:\/\/twitter.com\/0xrb\" target=\"_blank\">Rohit Bansal<\/a>.<br>We <a href=\"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/security\/massive-new-iranian-cyber-threat-to-u-s-companies.html\">warned<\/a> last weekend that this attack was likely coming. This is likely part of a bigger threat. This is not a tremendously sophisticated attack, but bricking devices is the ultimate act of animosity. 
The perpetrator gains nothing other than inflicting pain and suffering on the victim.<\/p>\n\n\n\n<p>We reached out to agentless multi-factor authentication provider <a href=\"http:\/\/www.silverfort.io\/\">Silverfort<\/a> for comment.<\/p>\n\n\n\n<p>Dana Tamir, VP, Market Strategy, had this to say: \u201cThe default credentials to IoT devices should always be replaced and sensitive IoT devices should be protected by requiring a second\u00a0authentication factor. Until today, enterprises looking to layer multi-factor authentication (MFA) on IoT devices struggled to find solutions, but a new generation of agentless MFA solutions now enables seamless protection for these devices.<\/p>\n\n\n\n<p>Adding a requirement for a secondary authentication factor is an effective measure to block unauthorized logins, and prevents hackers from accessing and destroying the devices.\u201d<\/p>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Larry Cashdollar, Senior Security Response Engineer II at Akamai Technologies, has identified over 300 vulnerabilities in software, and the latest, named Silex, is focused on bricking IoT devices. It&#8217;s trashing the storage, dropping the iptables rules, removing the network configuration and then halting the device. 
Larry Cashdollar The news broke earlier today that bricker bot<\/p>\n","protected":false},"author":44,"featured_media":13076,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[156],"tags":[2149,1796,1798,2148],"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/posts\/13117"}],"collection":[{"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/users\/44"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/comments?post=13117"}],"version-history":[{"count":3,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/posts\/13117\/revisions"}],"predecessor-version":[{"id":13140,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/posts\/13117\/revisions\/13140"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/media\/13076"}],"wp:attachment":[{"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/media?parent=13117"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/categories?post=13117"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/tags?post=13117"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}