Hide and Seek: The first IoT botnet to survive device resets is caught

Ryan is a senior editor at TechForge Media with over a decade of experience covering the latest technology and interviewing leading industry figures. He can often be sighted at tech conferences with a strong coffee in one hand and a laptop in the other. If it's geeky, he’s probably into it. Find him on Twitter: @Gadget_Ry

Security researchers have discovered the first botnet able to survive resets of compromised devices.

Researchers from Bitdefender published their findings today. The malware strain, which they’ve dubbed 'Hide and Seek' (HNS) for self-explanatory reasons, copies itself to the /etc/init.d/ folder.

This folder contains the daemon scripts for Linux-based systems, which often run devices like IoT products and routers. Because the scripts in this folder are executed at startup, a copy placed here runs again automatically and re-infects the device following a reboot.
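A defender can audit this persistence location directly. The following is an added example, not code from Bitdefender or from this article: a POSIX shell check that flags init-directory entries which are compiled binaries, lack a shebang, or are missing from a known-good list. The function names, the baseline file format and the sample file names are assumptions, and the heuristics are generic rather than HNS signatures.

```shell
#!/bin/sh
# Added example: flag entries in an init-script directory that do not look
# like ordinary init scripts. The heuristics are assumptions, not HNS signatures.

# classify FILE: print "elf", "script" or "other" from the first four bytes.
classify() {
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        7f454c46) echo elf ;;     # \x7fELF: compiled binary
        2321*)    echo script ;;  # "#!": interpreter script
        *)        echo other ;;
    esac
}

# audit_initd DIR [BASELINE]: print "REASON<TAB>PATH" per suspicious entry.
# BASELINE (optional) lists the expected script names, one per line.
audit_initd() {
    dir=$1; baseline=${2:-}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        kind=$(classify "$f")
        [ "$kind" = elf ] && printf 'elf-binary\t%s\n' "$f"
        [ "$kind" = other ] && printf 'no-shebang\t%s\n' "$f"
        if [ -n "$baseline" ] && ! grep -qxF -- "${f##*/}" "$baseline"; then
            printf 'not-in-baseline\t%s\n' "$f"
        fi
    done
    return 0
}

# demo: audit a constructed directory (sample files, not real device data).
demo() {
    tmp=$(mktemp -d) && mkdir "$tmp/init.d"
    printf '#!/bin/sh\necho start\n' > "$tmp/init.d/network"   # expected script
    printf '\177ELF\001\001\001' > "$tmp/init.d/S99update"     # constructed ELF header
    printf 'network\n' > "$tmp/baseline"
    audit_initd "$tmp/init.d" "$tmp/baseline"
    rm -rf "$tmp"
}

# With arguments, audit a real directory; with none, run the demo.
if [ $# -gt 0 ]; then audit_initd "$@"; else demo; fi
```

The baseline is best captured from a known-clean firmware image, since a list taken from an already infected device would include the implant.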

Bitdefender first spotted the HNS malware back in early January. By the end of the month, it had grown to around 32,000 devices. Since then, it’s infected around 90,000 unique devices.

Researchers say HNS has become more advanced in this time. Whereas it would previously guess passwords, it can now identify types of devices and log in using their default credentials.

The discovery is a concerning moment for IoT security. Even the infamous ‘Mirai’ botnet, which caused record-breaking DDoS attacks, was unable to survive a device reset. Kaspersky Labs did, however, discover a Windows variant of Mirai, whereas HNS is currently limited to Linux.

Kurt Baumgartner, Principal Security Researcher at Kaspersky Labs, said at the time:

“The appearance of a Mirai crossover between the Linux platform and the Windows platform is a real concern, as is the arrival on the scene of more experienced developers.

A Windows botnet spreading IoT Mirai bots turns a corner and enables the spread of Mirai to newly available devices and networks that were previously unavailable to Mirai operators. This is only the beginning.”

Time is said to reveal all, and it seems Baumgartner was right — Mirai was only the beginning. Hide and Seek could pose an even greater threat.
