The “Hide ‘N Seek” (HNS) Internet of Things botnet is back in action, and now it’s bigger and badder than ever. First spotted in early January 2018, this botnet went M.I.A. for nearly two weeks before researchers at Bitdefender uncovered it once again, with a device count of more than 24,000! What started out as a dozen infected devices in Southeast Asia earlier this month has now become a global phenomenon. How can this level of growth be possible?
HNS owes its alarming momentum to its advanced communication tactics – using custom-built peer-to-peer interactions to rapidly exploit new victims. It also happens to be just the second known botnet to use a decentralized, P2P architecture. According to an SC Magazine report, HNS may represent a concerning and widespread shift in the way cybercriminals seek to leverage botnets. Here’s an excerpt from the article:
“The botnet also uses multiple anti-tampering techniques to prevent a third party from hijacking or poisoning and can perform web exploitations against a series of devices via the same exploit as CVE-2016-10401 and other vulnerabilities against networking equipment.
HNS also embeds a plurality of commands such as data exfiltration, code execution and interference with a device’s operation. The botnet also features a worm-like spreading mechanism that randomly generates a list of IP addresses to get potential targets.”
Read the full article on SC Magazine. If you're interested in what else we might expect to see from IoT botnets in the coming months, check out this 2018 cybersecurity prediction on Secplicity.