IoT devices running on the Linux or Unix operating systems with known or guessable default passwords were targeted.
At least 4,000 IoT devices, and probably more, were bricked thanks to a new strain of malware called Silex and the 14-year-old hacker who unleashed it. Akamai senior intelligence response engineer Larry Cashdollar first discovered Silex. It’s similar to 2017’s Brickerbot in that it targets insecure IoT devices, specifically those that run a Linux or Unix OS and have known or easily guessable default passwords. Silex uses the insecure logins to destroy each device’s storage and remove its network configuration, effectively turning the devices into paperweights.
The hacker used Twitter to contact Cashdollar, indicating a plan to remove vulnerable IoT devices to prevent other hackers from using them to create botnets. At some point, however, the command-and-control server vanished.
Cashdollar has a theory. The person who wrote this didn’t expect all this attention and didn’t like it. It made him nervous, so he decided to stop the malware from spreading and not to increase its destructiveness.
The incident highlights two things:
- IoT security still has many vulnerabilities
- Too many devices lack protection against cyberattack
It’s unclear how many device manufacturers prioritize security, and compliance with standards and certification remains voluntary. Cashdollar says that vendors need to prioritize building secure, updatable devices.