IoT (Internet of Things) is not a new concept, even if it’s a newer term. However, for those of you who are unfamiliar with it, IoT is the interconnection of computing devices in everyday devices that allows them to send and receive data via the internet. This includes items like your cell phones, smart watches, security cameras, traffic signals, handheld scanners, medical equipment, printers, and even some toasters and refrigerators.
IoT devices are so embedded in our lives, that should anything happen to a large percentage of them it would cause a lot of stress and money on businesses around the world. With that thought in mind, let me introduce the latest malware aimed at attacking IoT devices, “Silex.”
What is Silex?
Just this week, on June 25th, security analysts started seeing Silex damaging IoT devices across the Internet. The malware is designed to “brick” or completely wipe any IoT device it comes across, rendering it useless. Silex works by destroying the devices storage, disabling firewall rules, removing the network configuration, and then fully disabling the device. This is as destructive as malware can get without actually doing physical damage to the system it’s deployed to.
But things are worse than that; to fix the problem the affected device must have its firmware manually reinstalled. This is a task that may be very difficult, or near impossible, depending on the device. It’s likely that most companies and users will simply think their device is bad and replace it with a new device.
So, what can you do to protect your company and your personal devices?
Firstly, change your passwords! Silex is spreading by checking what the IoT device is, and then attempting to use the known default and common credentials for that device to get in. This is not the first malware program to utilize known default passwords, and it likely will not be the last. I wrote a blog on password security that discusses the importance of using strong passwords; you can see that here.
The second thing you can do is properly configure your firewall. The attacks are coming from servers based in Iran, this means if your firewall has the ability to block items based on geography you can utilize those features to your advantage (assuming you are not doing business with anyone in Iran).
Thirdly, the malware uses common protocols such as Telnet and SSH to connect to devices. These protocols should never be open to the general internet. If this is something your firm uses, you should lock them down with a 3rd party firewall so they can only be accessed directly from known, trusted IP addresses.
Finally, the best way to protect yourself and your firm from Silex (and most security threats) is education. At the end of the day, educated companies and individuals who practice good IT security procedures day in, and day out will likely not be affected by Silex, and will minimize their exposure to many other malware programs, viruses, and other digital attacks.
Dealing with security and educating your users is critical, but not always easy. Sikich can help! We offer a full range of security and networking services. Contact us if you would like assistance in protecting your firm!