IoT devices running Linux or Unix operating systems with known or guessable default passwords were targeted.
At least 4,000 IoT devices, and probably more, were bricked thanks to a new strain of malware called Silex and the 14-year-old hacker who unleashed it. Silex was first discovered by Akamai senior intelligence response engineer Larry Cashdollar. It’s similar to 2017’s Brickerbot in that it targets insecure IoT devices, specifically ones that run a Linux or Unix OS and have known or easily guessable default passwords. Silex uses the insecure logins to destroy each device’s storage and remove its network configuration, effectively turning the devices into paperweights.
Cashdollar told Threatpost that he was contacted by the hacker via Twitter and was told that the goal was to remove vulnerable IoT devices to prevent other hackers from using them to create botnets. At some point, however, the command and control center server vanished.
“What ended up happening was the person who wrote this didn’t expect all this attention and didn’t like it and made him nervous so he decided to stop the malware from spreading and decided that he wasn’t going to change it anymore to make it more destructive than it already had been, he’s planning on quitting, I think,” Cashdollar said.
The incident illustrated that IoT security still has a long way to go and that insecure devices are still in use. It’s unclear how many device manufacturers are taking the need for security seriously. While standards are now published and certification is available, it’s all still voluntary.
“Vendors are coming to terms with having to build secure devices that can be updated. I just don’t know how many of them have actually gotten on board versus ones that are ignoring it,” Cashdollar said.