Silex

Silex Description

Infiltrating vulnerable machines and hijacking them into a botnet has been a modus operandi of cybercriminals for many years. Most botnets consist of infected PCs. However, some cyber crooks take a different approach: instead of targeting computers, they target IoT (Internet-of-Things) devices. These are all sorts of household machines that can connect to the Internet and are considered ‘smart devices.’ The largest known botnet consisting entirely of IoT devices is the Mirai botnet, with over 2.5 million infected machines at its peak.

There is a rather interesting case involving a piece of malware called BrickerBot. Instead of using the infected IoT devices for some harmful campaign, the creator of BrickerBot opted to render them unusable just to make a point. Their reasoning was that users do not take cybersecurity seriously and thus should be ‘punished’ for this sin. BrickerBot disrupted the devices' functionality by deleting integral parts of their software and configuration. The creators of the BrickerBot malware have boasted that they disabled about 10 million IoT machines.

Malware experts suspect that BrickerBot's activity was likely the inspiration for a new threat called Silex. The Silex malware was first detected around late June 2019, and the attackers' server appears to be based in Iran. Silex searches for accessible IoT machines by scanning the Web. It then attempts to gain access to the detected IoT devices using a list of login credentials such as “user/user,” “root/12345,” “support/support,” etc. Once Silex infiltrates an IoT device, it runs commands to empty the network configuration and firewall rules, as well as to delete the installed firmware. Last but not least, it runs the 'rm -rf' UNIX command, which deletes any local files it can access.
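
The sequence described above (a successful login with one of the listed default credentials, followed by destructive commands in the same session) can be hunted for in device or honeypot session logs. The following Python is an added example, not part of the original description and not derived from Silex samples; the key=value log format, the sample lines and the command patterns are assumptions constructed for illustration.

```python
import re
import shlex

# Default pairs quoted in the description above.
DEFAULT_CREDS = {("user", "user"), ("root", "12345"), ("support", "support")}
# Illustrative patterns for destructive commands (assumptions, not Silex samples).
DESTRUCTIVE = [
    ("firewall flush", re.compile(r"\biptables\s+(-F|--flush)\b")),
    ("recursive delete", re.compile(r"\brm\s+-(?=\w*r)(?=\w*f)\w+")),
]
# Constructed sample log in a hypothetical key=value format (documentation IPs).
SAMPLE_LOG = """\
2019-06-25T10:00:00Z sess=a1 src=198.51.100.7 event=login user=admin pass=admin result=fail
2019-06-25T10:00:01Z sess=a1 src=198.51.100.7 event=login user=root pass=12345 result=ok
2019-06-25T10:00:02Z sess=a1 src=198.51.100.7 event=cmd cmd="iptables -F"
2019-06-25T10:00:03Z sess=a1 src=198.51.100.7 event=cmd cmd="rm -rf /"
2019-06-25T11:30:00Z sess=b2 src=192.0.2.10 event=login user=ops pass=constructed-Long-1 result=ok
2019-06-25T11:30:05Z sess=b2 src=192.0.2.10 event=cmd cmd="rm -rf /tmp/cache"
2019-06-25T12:00:00Z sess=c3 src=203.0.113.4 event=login user=support pass=support result=ok
2019-06-25T12:00:02Z sess=c3 src=203.0.113.4 event=cmd cmd="uptime"
"""

def parse(line):
    """Split one log line into a dict; shlex keeps quoted commands intact."""
    ts, *pairs = shlex.split(line)
    rec = dict(p.partition("=")[::2] for p in pairs)
    rec["ts"] = ts
    return rec

def find_wiper_sessions(lines):
    """Sessions that logged in with a listed default pair, then ran a destructive command."""
    weak, findings = {}, {}  # session -> (src, cred); session -> finding
    for rec in (parse(l) for l in lines if l.strip()):
        sess = rec.get("sess")
        if rec.get("event") == "login" and rec.get("result") == "ok":
            cred = (rec.get("user"), rec.get("pass"))
            if cred in DEFAULT_CREDS:
                weak[sess] = (rec.get("src"), cred)
        elif rec.get("event") == "cmd" and sess in weak:
            for label, pat in DESTRUCTIVE:
                if pat.search(rec.get("cmd", "")):
                    src, cred = weak[sess]
                    hit = findings.setdefault(sess, {"src": src, "cred": cred, "hits": []})
                    hit["hits"].append((rec["ts"], label))
    return findings

if __name__ == "__main__":
    for sess, f in find_wiper_sessions(SAMPLE_LOG.splitlines()).items():
        print(sess, f["src"], "/".join(f["cred"]), f["hits"])
```

Only session a1 is reported: b2 deletes files but did not log in with a listed default pair, and c3 used a default pair but ran nothing destructive.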

Even users who are mindful of keeping their computers safe and have installed reputable anti-malware applications tend to disregard the IoT devices they may have in their household. It is crucial that you keep your IoT devices’ software up to date, because old software can have vulnerabilities that cybercriminals would eagerly exploit.