A new strain of malware is wiping the firmware of IoT devices in attacks reminiscent of the old BrickerBot malware that destroyed millions of devices back in 2017. In the last 24 hours, thousands of IoT devices have been bricked by a new malware strain. Named Silex, the malware is wiping the firmware of IoT devices with more than 2,000 reported incidences in the first few hours of its existence. It is thought Silex destroys the device by killing its storage, which allows it to ignore firewall rules and network configurations. Finally, the device stops operating completely. Attacks are still ongoing, and according to an interview with the malware’s creator, they are about to intensify in the coming days.
Over 2,000 devices have been bricked in the span of a few hours by new Silex IoT malware https://t.co/4R0oHRVYGO
— Graham Cluley (@gcluley) June 25, 2019
New Silex malware is bricking IoT devices
– has already bricked 2,000 systems
– targets everything UNIX-based via Telnet default creds
– wipes storage
– drops firewall rules
– wipes network config
– rm rf's everything left
– reboots devicehttps://t.co/PqvLFGKcsQ #tip @techmeme pic.twitter.com/IsplzhNFnk
— Catalin Cimpanu (on vacation) (@campuscodi) June 25, 2019
Jake Moore, Cybersecurity Specialist at ESET:
“This once again highlights the ease at which someone can take control of devices with simple default credentials. To see a 14 year old take down these devices shows the ability of these young people and how many are using their skills for destruction rather than for good. It also highlights that cyber-attacks are not just for financial gain or ruin but sometime just for the “lolz”.
Reinstalling the devices firmware can be tricky but not impossible. However, preventing this attack is far better and easier than curing it so as more are predicted, check all your IoT around the house to make sure they are all using random long and complex passwords in conjunction with 2FA where possible”.
Chris Doman, Security Researcher at AT&T Alien Labs:
“Some of the shell script that Silex runs to destroy the IoT device is identical to that used by BrickerBot – it looks like the malware author copied some of the code.
Whilst the world could do with less insecure IoT devices connected to the internet, this isn’t the way to fix the problem.
Interestingly, the Japanese government have proposed doing something similar”
Gavin Millard, VP of intelligence at Tenable:
With the threat from Silex Malware targeting IoT devices with default credentials, it’s a stark reminder that all of us need to be more savvy when it comes to cybersecurity. The first thing you should do when taking a new device out of the box is change the password, yet far too few actually do this which is why the worm has proven effective so far. Perhaps one day manufacturers will move to a more secure approach of requesting a password on setup rather than setting a default one, but apparently the world isn’t ready for such innovation.
“Whilst the current approach taken by the malware is to target default credentials, there is a danger that it could be altered to look for, and abuse, other configuration errors or known vulnerabilities to cast its net wider.”
John Grimm, Senior Director of Strategy and Business Development at nCipher Security:
“Over time, the IoT has become the lynchpin of almost every single digital initiative and interaction. Consumers and businesses are discovering and benefiting from the opportunities it provides each day.
Yet, IoT devices have also become one of the most vulnerable entry points for attackers. The IoT exposes consumers and businesses to new security vulnerabilities due to its increased network connectivity and the devices within it not being secured by design. It is so vast and complex that finding data protection solutions which can span across the entire network, providing scalable encryption key management and not impeding data analytics can be a serious challenge.
By encouraging ‘Security by Design’, handing greater accountability to device manufacturers and introducing a new labelling system to indicate the presence of basic security features, the UK government’s recent IoT security consultation signals a positive step in the right direction in minimising the impact of attacks like this one in the future. However, some of the recommendations are dependent on variable factors – for example a user may choose a weak password or not even bother to replace the default password, or a manufacturer may go out of business and stop delivering security updates to its devices.
In addition, the industry still must take further steps to ensure that information collected by devices can be encrypted, and that digital signing is used to ensure the authenticity of software updates and to help prevent the introduction of malware. There is also room for greater transparency around the software and hardware used in a given product, so that the impact of discovered vulnerabilities (which are inevitable) can be fully assessed for risk.”
Saryu Nayyar, CEO at Gurucul:
Gartner estimates that there will be more than 20.6 billion devices on the internet by 2020. The explosion of BYOD and Internet-connected devices clearly complicates security and management, and using legacy tools and processes will not work with these growing volumes. Leveraging big data, combined with behavioral analytics and automated machine learning, is the only way to monitor these devices at scale.