Researchers have discovered an emerging botnet that uses advanced communication techniques to exploit victims and build its infrastructure. The bot, dubbed ‘Hide ‘N Seek’, or ‘HNS’, was intercepted by Bitdefender’s IoT honeypot system following a credentials dictionary attack on the Telnet service. HNS is the first peer-to-peer botnet aimed at IoT devices that rolled its own communications protocol. The other known P2P botnet, dubbed Hajime, uses BitTorrent for peer-to-peer communications HNS also grows at an alarming pace – from 12 original reports on Jan 10th to 2700 infected devices by the end of the business day 23/01/18. Nadav Avital, Security Researcher at Imperva commented below.
Nadav Avital, Security Researcher at Imperva:
“The discovery of this IoT botnet echoes the findings of a recent piece of Imperva research into vulnerabilities in 2017. As IoT devices become increasing popularity in our modern lives, they also become more attractive to cybercriminals. In fact, in 2017 we recorded a record number of IoT vulnerabilities, with them more than doubling since 2016.
This research also emphasises the need for an account takeover solution which protects all devices with a network presence. Account takeover is a big problem, however it is not something which IoT vendors provide protection for. It is therefore a good idea for organisations to deploy an external solution for security.”