
Secplicity - Security Simplified

Powered by WatchGuard Technologies

The Hide ‘N Seek IoT Botnet Just Unlocked a New Achievement: Persistence

May 8, 2018 By The Editor

Remember when we said the “Hide ‘N Seek” IoT (Internet of Things) botnet may be a sign of what’s to come? Well, according to a blog post published by Bitdefender on May 7, it looks like the prophecy is true. Hide ‘N Seek has infected close to 90,000 devices total (including more than 20,000 over the course of just a few days back in January) and has unlocked an extremely concerning new achievement: Persistence. The latest version of the malware discovered last week is the world’s first to gain persistence (the ability to survive a reboot) on infected devices.

If that wasn’t enough cause for alarm, the most recent version of the Hide ‘N Seek malware also wields new binaries that allow it to target new vulnerabilities and types of devices. In a SecurityWeek report posted earlier today, Bitdefender Senior E-Threat Analyst Bogdan Botezatu elaborates on which IoT devices this malware is targeting. Here’s an excerpt:

“The list is extremely long and features several camera models, but the hardcoded credentials also target several router models. In addition to specific models, the bot also attempts these credentials against Telnet for all sorts of devices. The fact that it has binaries compiled for 10 platforms and architectures shows that the attacker is aiming at enrolling as many devices, regardless of type, maker, and model,” Botezatu said.

“We’ve notified vendors about this,” he added.

Over the past three months, Hide ‘N Seek has been growing steadily, although some devices left the botnet while others joined it. Most likely, the botnet lost those devices “that could not be exploited in a way to offer persistence,” Botezatu said.

According to Botezatu, Hide ‘N Seek appears to be in the growth phase – hunting IoT devices that can be exploited in a way to offer persistence – to help the botnet seize as many devices as possible. But what is Hide ‘N Seek’s end game? Botezatu notes that Bitdefender’s researchers have yet to find any support for distributed denial of service (DDoS) in the five versions of the botnet they’ve observed thus far.

The lack of weaponized features in the binary – particularly DDoS, which is the most common objective of IoT botnets found in the wild – indicates that Hide ‘N Seek’s game plan is to get even bigger before it returns again even badder.

You can read the full article on SecurityWeek and learn more about the evolution of this unique IoT botnet here on Secplicity.


Filed Under: Editorial Articles, Featured Tagged With: botnet
