New Silex malware bricks 2000 plus IoT devices
Published: 03:09 PM, 27 June 2019 Updated: 04:21 PM, 27 June 2019
A new strain of malware has been discovered that attacks the firmware of IoT devices. It is reminiscent of the old BrickerBot malware, which destroyed millions of devices back in 2017.
The malware, named Silex, began operating on June 25 and had bricked around 350 devices when the investigation began. Within 1 hour, the count had spiked to 2,000 wiped devices.
How Silex malware works
According to Akamai researcher Larry Cashdollar, who first spotted the malware on June 25, Silex works by trashing an IoT device’s storage, dropping its firewall rules, removing the network configuration, and then halting the device.
It is about as destructive as it can get without actually frying the IoT device’s circuits. To recover, victims must manually reinstall the device’s firmware, a task that is too complicated for the majority of device owners.
“It’s using known default credentials for IoT devices to log in and kill the system,” said Cashdollar. “It’s doing this by writing random data from /dev/random to any mounted storage it finds.”
He also said, “I see in the binary it’s calling fdisk -l which will list all disk partitions and ‘writes random data from /dev/random to any partitions it discovers’.”
“It’s then deleting network configurations and it’s [running] rm -rf / which will delete anything it has missed,” he added.
“It also flushes all iptables entries adding one that DROPS all connections. Then halting or rebooting the device,” the Akamai researcher said.
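A defender running a Telnet honeypot can flag this chain of steps in recorded sessions. The sketch below is an added example, not code from Akamai or from the article; the log format, the regexes and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Destructive steps the article attributes to Silex, as shell-command patterns.
# The regexes are assumptions about how those steps appear in a session log.
INDICATORS = {
    "enumerate_partitions": re.compile(r"\bfdisk\s+-l\b"),
    # random data redirected or dd'ed onto a device node (but not /dev/null)
    "overwrite_storage": re.compile(r"/dev/u?random\b.*(>\s*|of=)/dev/(?!null\b)\w+"),
    "flush_firewall": re.compile(r"\biptables\s+(-F|--flush)\b"),
    "drop_all_traffic": re.compile(r"\biptables\s+-[AIP]\s+\w+.*\bDROP\b"),
    "delete_filesystem": re.compile(r"\brm\s+-(rf|fr)\s+/(\s|\*|$)"),
    "halt_or_reboot": re.compile(r"^\s*(halt|reboot|poweroff)\b"),
}
# Hypothetical honeypot record: timestamp, session id, source IP, command typed.
LINE = re.compile(r"^(?P<ts>\S+) session=(?P<sid>\S+) src=(?P<src>\S+) cmd=(?P<cmd>.*)$")

# Constructed sample log (documentation IP ranges, not real attacker data).
SAMPLE_LOG = """\
2019-06-25T10:01:02Z session=s1 src=198.51.100.7 cmd=fdisk -l
2019-06-25T10:01:03Z session=s1 src=198.51.100.7 cmd=dd if=/dev/random of=/dev/sda1
2019-06-25T10:01:04Z session=s1 src=198.51.100.7 cmd=iptables -F
2019-06-25T10:01:04Z session=s1 src=198.51.100.7 cmd=iptables -A INPUT -j DROP
2019-06-25T10:01:05Z session=s1 src=198.51.100.7 cmd=rm -rf /
2019-06-25T10:01:06Z session=s1 src=198.51.100.7 cmd=halt
2019-06-25T11:20:00Z session=s2 src=203.0.113.9 cmd=fdisk -l
2019-06-25T11:20:05Z session=s2 src=203.0.113.9 cmd=head -c 16 /dev/urandom > /dev/null
2019-06-25T11:20:09Z session=s2 src=203.0.113.9 cmd=rm -rf /tmp/build
"""

def analyze(log_text):
    """Map session id -> set of indicator names seen in its commands."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not command records
        for name, pattern in INDICATORS.items():
            if pattern.search(m["cmd"]):
                hits[m["sid"]].add(name)
    return dict(hits)

def wiper_sessions(log_text, threshold=3):
    """Sessions showing at least `threshold` distinct destructive steps."""
    return sorted(s for s, seen in analyze(log_text).items() if len(seen) >= threshold)

if __name__ == "__main__":
    for sid in wiper_sessions(SAMPLE_LOG):
        print(sid, sorted(analyze(SAMPLE_LOG)[sid]))
```

Requiring several distinct steps in one session keeps an administrator who merely runs fdisk -l or cleans a temp directory (session s2) from being flagged.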
Attacks mainly carried out from Iranian server
“It appears the IP address that targeted my honeypot is hosted on a VPS server owned by novinvps.com, which is operated out of Iran,” Cashdollar said of the source of these attacks.
“It’s targeting any Unix-like system with default login credentials,” he said. “The binary I captured targets ARM devices. I noticed it also had a Bash shell version available to download which would target any architecture running a Unix-like OS.”
This means Silex will trash mainly Linux servers if they have Telnet ports open and if they’re secured with poor or widely-used credentials.
Who’s behind Silex Malware?
With the help of Newsky Security researcher Ankit Anubhav, ZDNet reached out to the Silex malware author with a series of questions about the motives and grand master plan behind the malware.
According to Anubhav, a 14-year-old teenager going online by the pseudonym of Light Leafon is responsible for the destructive malware.
He confirmed the hacker’s identity by having him put a custom message on the Silex command and control (C&C) server, verifying the actual Silex operator.
Light Leafon had created the HITO IoT botnet and had been interviewed by Anubhav a month ago on an episode of his podcast on IoT botnets and security.
“The project started as a joke but has now developed into a full-time project, and has abandoned the old HITO botnet for Silex,” Light Leafon said.
The teenager said he plans to develop the malware further and add even more destructive functions.
Attacks are still going on, according to the malware’s creator: “They are about to intensify in the coming days.”
There are plans such as adding the ability to log into devices via SSH, besides the current Telnet hijacking capability. Further, Light also plans to incorporate exploits into Silex, giving the malware the ability to use vulnerabilities to break into any devices.
Legacy of BrickerBot
The Silex malware is obviously inspired by the old BrickerBot strain, which was active between April and December 2017.
The BrickerBot author, known by the pseudonym the Janit0r, claimed he permanently or temporarily destroyed over ten million IoT devices.
The Janit0r justified the attacks as a form of protest against owners of smart devices that were constantly getting infected with the Mirai DDoS malware.
The BrickerBot author argued that it would be better if the devices were destroyed, rather than sit around as cannon fodder for DDoS botnets, and haunting the internet for years.
The Janit0r’s year-long bricking got some internet service providers to secure their networks against some attack vectors, albeit BrickerBot’s impact could never be fully quantified.
But unlike the Janit0r, Light did not offer any motive for his actions, as of now. He didn’t put out a manifesto like the Janit0r did after BrickerBot attacks began, to justify any of his actions.
As of now, all of the Silex attacks appear to have been carried out as a joke, or out of malice.
But the bad news for Light is that, unlike the BrickerBot author, who left a minimal trail of footprints that authorities could follow, Light might have made several OpSec mistakes along the way that may end up costing him in the long run.