Iran responds to US cyberattacks with malware that destroys IoT devices

Vulnerability testing specialists reported the emergence of a new malware variant capable of removing firmware from Internet of Things (IoT) devices. This outbreak reminds experts of the malware variant known as BrickerBot, which destroyed millions of IoT devices a couple of years ago.

This new malware variant, called Silex, was detected during the early hours of this Tuesday, so it has been active for just over a day. The malware had already blocked nearly 500 IoT devices at the time of detection, and the number of infections rose to more than 2,000 just a couple of hours later.

The malware remains active and, as the alleged Silex developer has stated, the infections will increase considerably over the next few days. Akamai’s vulnerability testing experts claim that Silex destroys IoT device storage, removes network configurations, and eventually freezes the device.

The only way victims can recover from an infection is by manually reinstalling the device firmware, a task too complex for a user without the required knowledge.

Chances are that victims won’t even contemplate the possibility that failures on their devices are due to a malware infection, and will instead attribute the disruption of their services to hardware errors.

Vulnerability testing experts mention that this malware uses default credentials to access devices and destroy their firmware, overwriting any mounted storage it encounters with random data.

Specialists from the International Institute of Cyber Security (IICS) mention that the malware author’s server was detected in Iran. The alleged perpetrator of the malware, a 14-year-old who operates under the pseudonym Light Leon, was contacted by some experts. The hacker acknowledged being the author of Silex, and claimed to have developed a botnet known as HITO IoT a couple of months ago. Some experts even fear that these attacks are part of the cyber war between the United States and some territories in the Middle East.