“Hide ‘N Seek” Botnet Uses Peer-to-Peer Infrastructure to Compromise IoT Devices

Botnets that target Internet of Things (IoT) devices are neither new nor rare, with the infamous Mirai perhaps being the most popular example. However, a new botnet dubbed “Hide ‘N Seek”, or HNS, is seemingly one of the first—along with the Hajime botnet—to use custom-built peer-to-peer (P2P) communication for its infrastructure. As of the time of publication, the botnet has affected over 24,000 devices, including devices in the U.S. and Asia.

First discovered by researchers in early January, HNS compromises machines via a worm-like mechanism that generates a random list of IP addresses as potential victims. Once a device is compromised, HNS can carry out a variety of commands, similar to a P2P protocol, including data exfiltration, code execution and interference with the device's operation. It can also target devices via the same web exploitation capabilities seen in the Reaper botnet. To prevent a third party from hijacking or poisoning it, HNS comes with multiple anti-tampering techniques.

An interesting characteristic of HNS is that it does not possess a Distributed Denial of Service (DDoS) function seen in other IoT botnets. However, it does come with a file theft component—unusual in IoT botnets—that adds elements of cyber-espionage to the botnet.

Like other IoT botnets, HNS lacks persistence—each reboot effectively purges it from the device. Botnets like HNS are characterized by their ability to spread quickly and effectively, infecting thousands, if not millions of devices in a short span of time. These botnets are also constantly evolving, adding new capabilities and features that make them more effective.

Fortunately, users can protect themselves from IoT-based threats without having to resort to complicated methods. Replacing the device’s default password with a stronger one—preferably using at least 15 characters, with both uppercase and lowercase letters, numbers, and special characters—can make it more difficult for botnets to access the device's interface.

Users should also regularly check for any available updates for their device, as these can address security flaws and vulnerabilities that botnets can use as an entry point into the system or device.

In addition to the best practices mentioned above, users can look into solutions such as Trend Micro™ Security and Trend Micro Internet Security, which offer effective protection for threats to IoT devices using security features that can detect malware at the endpoint level. Connected devices are protected by security solutions such as Trend Micro Home Network Security, which can check internet traffic between the router and all connected devices. In addition, enterprises can monitor all ports and network protocols to detect advanced threats and protect from targeted attacks via Trend Micro™ Deep Discovery™ Inspector.

 

 

 
