Hide ‘N’ Seek IoT Botnet

Hide ‘N’ Seek IoT Botnet Gains Persistence

Target: IoT Devices
Attack Vector: Telnet connection or brute-force dictionary attack
Summary: Researchers at Bitdefender have discovered the first instance of an IoT botnet malware strain that gains persistence on devices, surviving a reboot after the initial compromise. The Hide ‘N’ Seek botnet has been in development since it was first observed in the wild in January 2017. The actors behind it have continued to develop it, and it now has this persistence capability along with P2P communications. If this development can be exploited further, it could drastically alter the war on malware, as it could open the floodgates for targeted attacks on IoT devices, which, in certain circumstances, could be vulnerable to infection. It is estimated that there will be some 31 billion connected IoT devices as of 2018.

Risk assessment summary: The threat is assessed as 3c MODERATE. This malware, which uses the same exploit as Reaper along with other vulnerabilities against networked devices, is likely to be developed further and weaponised by threat actors. Further attacks using this vector remain a significant risk factor. The malware has already undergone a number of upgrades and now allows lateral movement through a Telnet port to infect further devices and, under certain circumstances, to gain persistence in doing so. The potential for the growth of this botnet is also a significant cause for concern. If it can be further developed and weaponised, it could have a significant effect on IoT and networked devices.
