In an IoT-filled World, it's Time to Be Alert in the Wake of 'Hide 'n Seek'

While the Hide and Seek botnet may have come into the spotlight a few months ago, you can always learn from the past. See what researchers learned about IoT security.

By Liz Samet · Apr. 20, 18 · News

Earlier this year, an Internet of Things (IoT) botnet took its time going viral - it even disappeared for 10 days - but once it got back in gear, it spread worldwide in a matter of days.

Hence the name - HNS or "Hide and Seek" - that researchers at Bitdefender Labs gave it after they first spotted it on Jan. 10, then watched it "fade away in the following days, only to re-emerge on Jan. 20 in a significantly improved form."

Bogdan Botezatu, a Senior Threat Analyst, wrote on the Bitdefender blog that it started as a 12-device network involving IP cameras in a corner of South Korea, and when it re-emerged it spread around the world to take control of 32,312 devices by Jan. 26.

He wrote that the bot "was intercepted by our IoT honeypot system following a credentials dictionary attack on the Telnet service."

As of this writing, Bitdefender had not published an update on whether HNS had spread further, and did not respond to a request for comment. But a Jan. 26 update said it "seems to undergo massive development as new samples compiled for a variety of architectures have been added as payloads."

If there is any good news it is that, like other IoT botnets, it "cannot achieve persistence," which means a user can get rid of the malware simply by rebooting the device.

But even that isn't long-term good news. Chris Clark, Principal Security Engineer of Strategic Initiatives at Synopsys, said rebooting "is only part of the answer. If the machine was infected before it will be again. If you do not mitigate, a reboot is just a delaying action."

Most of the other findings are that HNS is both more interesting and potentially more malevolent than the IoT botnets that have been around for years, which are generally used for DDoS attacks.

Those can be damaging enough - witness the attack on Internet backbone service provider Dyn in October 2016 by the Mirai botnet that brought down the websites of 80 major Internet companies including Amazon, PayPal, and Twitter.

But HNS and other, more recent, botnets like Mirai, Reaper, and Hajime are designed for more than DDoS attacks. Botezatu wrote that HNS has "greater levels of complexity and novel capabilities such as information theft - potentially suitable for espionage or extortion," adding that "it is also worth noting that the botnet is undergoing a constant redesign and rapid expansion."

HNS is only the second IoT botnet (Hajime was the first) to have a decentralized, peer-to-peer (P2P) architecture. But Botezatu said HNS is the first of its kind in another way. The functionality of Hajime is based on the BitTorrent protocol, while in the case of HNS, "here we have a custom-built P2P communication mechanism."

How Does the Hide and Seek Botnet Infect Devices?

It has a "worm-like spreading mechanism" that generates a random list of IP addresses and then initiates a raw socket SYN connection to each host on specific destination ports (23, 2323, 80, and 8080).

"Once the connection has been established, the bot looks for a specific banner ('buildroot login:') presented by the victim," Botezatu wrote. "If it gets this login banner, it attempts to log in with a set of predefined credentials. If that fails, the botnet attempts a dictionary attack using a hardcoded list."

It then uses different techniques to infect a device, depending on whether it is on the same LAN as the bot or is on the Internet.

And it comes with its own, self-protective security features: "These exploitation techniques are preconfigured and are located in a memory location that is digitally signed to prevent tampering. This list can be updated remotely and propagated among infected hosts," Botezatu wrote.
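The spreading behaviour described above (a SYN sweep of many hosts on ports 23, 2323, 80 and 8080, followed by a credential dictionary attack against the Telnet login) leaves a recognizable trace in connection and authentication logs, which is also what the "monitor, monitor, monitor" advice later in this article comes down to in practice. The following detector is an added example written for this page; it is not code from the article, from Bitdefender or from any product. The log format, the sample lines and the two thresholds are constructed assumptions, so adapt the parser to whatever your firewall and Telnet service actually emit.

```python
"""Flag two behaviours attributed to HNS: a SYN sweep of many hosts on ports 23, 2323,
80 and 8080, and a Telnet credential dictionary attack (many failed logins from one
source). The log format and sample lines are constructed for this example."""
import re
from collections import defaultdict

SCAN_PORTS = {23, 2323, 80, 8080}   # destination ports named in the article
SWEEP_HOST_THRESHOLD = 5            # assumed tuning value: distinct hosts per source
LOGIN_FAIL_THRESHOLD = 4            # assumed tuning value: failed logins per source

# Constructed sample log in a simplified firewall + Telnet-auth format (no real product's)
SAMPLE_LOG = """\
2018-01-20T10:00:01Z CONNECT src=198.51.100.7 dst=192.0.2.10 dport=23 flags=S
2018-01-20T10:00:01Z CONNECT src=198.51.100.7 dst=192.0.2.11 dport=2323 flags=S
2018-01-20T10:00:01Z CONNECT src=198.51.100.7 dst=192.0.2.12 dport=80 flags=S
2018-01-20T10:00:02Z CONNECT src=198.51.100.7 dst=192.0.2.13 dport=8080 flags=S
2018-01-20T10:00:02Z CONNECT src=198.51.100.7 dst=192.0.2.14 dport=23 flags=S
2018-01-20T10:00:02Z CONNECT src=198.51.100.7 dst=192.0.2.15 dport=23 flags=S
2018-01-20T10:00:03Z CONNECT src=203.0.113.5 dst=192.0.2.10 dport=443 flags=S
2018-01-20T10:00:03Z CONNECT src=203.0.113.5 dst=192.0.2.10 dport=80 flags=S
2018-01-20T10:00:05Z TELNET src=198.51.100.7 dst=192.0.2.10 login=root result=FAIL
2018-01-20T10:00:05Z TELNET src=198.51.100.7 dst=192.0.2.10 login=admin result=FAIL
2018-01-20T10:00:06Z TELNET src=198.51.100.7 dst=192.0.2.10 login=user result=FAIL
2018-01-20T10:00:06Z TELNET src=198.51.100.7 dst=192.0.2.10 login=guest result=FAIL
2018-01-20T10:00:07Z TELNET src=198.51.100.7 dst=192.0.2.10 login=support result=FAIL
2018-01-20T10:00:07Z TELNET src=198.51.100.7 dst=192.0.2.10 login=root result=OK
2018-01-20T10:00:09Z TELNET src=203.0.113.5 dst=192.0.2.10 login=ops result=FAIL
2018-01-20T10:00:10Z TELNET src=203.0.113.5 dst=192.0.2.10 login=ops result=OK
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kind>CONNECT|TELNET)\s+(?P<rest>.*)$")


def parse_line(line):
    """Return (timestamp, kind, {key: value}) or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        fields = dict(kv.split("=", 1) for kv in m.group("rest").split())
    except ValueError:          # a token without '=' means a malformed line; skip it
        return None
    return m.group("ts"), m.group("kind"), fields


def find_port_sweeps(log_text, threshold=SWEEP_HOST_THRESHOLD):
    """Sources whose SYNs to the scanned ports reach at least `threshold` distinct hosts."""
    hosts = defaultdict(set)    # src -> distinct destination hosts probed
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        _, kind, f = parsed
        if kind == "CONNECT" and int(f["dport"]) in SCAN_PORTS and f.get("flags") == "S":
            hosts[f["src"]].add(f["dst"])
    return {src: sorted(h) for src, h in hosts.items() if len(h) >= threshold}


def find_dictionary_attacks(log_text, threshold=LOGIN_FAIL_THRESHOLD):
    """Sources with at least `threshold` failed Telnet logins; notes a later success."""
    fails = defaultdict(list)   # src -> usernames tried and rejected
    success_after = set()       # sources that logged in only after failing first
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None or parsed[1] != "TELNET":
            continue
        f = parsed[2]
        if f["result"] == "FAIL":
            fails[f["src"]].append(f["login"])
        elif f["result"] == "OK" and fails[f["src"]]:
            success_after.add(f["src"])
    return {src: {"failures": len(names), "usernames": sorted(set(names)),
                  "success_after_failures": src in success_after}
            for src, names in fails.items() if len(names) >= threshold}


def analyze(log_text):
    """Run both detectors; a source present in both is the strongest HNS-style signal."""
    sweeps = find_port_sweeps(log_text)
    dictionary = find_dictionary_attacks(log_text)
    return {"sweeps": sweeps, "dictionary_attacks": dictionary,
            "both": sorted(set(sweeps) & set(dictionary))}


if __name__ == "__main__":
    for src in analyze(SAMPLE_LOG)["both"]:
        print(f"{src}: port sweep followed by Telnet dictionary attack")
```

A source that trips only the sweep detector may be a vulnerability scanner you run yourself, and a source that trips only the login detector may be an operator with a forgotten password; a source that does both, and then succeeds, is the pattern the article describes and is worth an immediate look at the device it logged into. Because the article notes that a reboot removes the malware but not the exposure, the follow-up is to change the credentials and close or firewall the Telnet service, not just restart the device.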

As botnets go, HNS would be relatively small if it stayed in the 30,000 to 40,000 range of devices infected. The first DDoS attack of more than 1 Tbps, against hosting provider OVH, was reported in October 2016 and used an estimated 146,000 cameras and DVRs.

But Clark said the trend in botnets, as well as other attack methods, is increasingly aimed at capturing PII (personally identifiable information) and banking information. "It is a digital world, and in this world, data is money," he said.

And the ability of botnets like this to adapt and redesign themselves should be yet another stark warning to developers of IoT devices and systems that they need to up their game. As Elizabeth Montalbano, writing in the Security Ledger, put it, "the next-level security demands of the new interconnected-device paradigm are nowhere close to being met."

Still, for those already using the billions of devices that comprise the massive IoT attack surface, there are ways to fight back: "Monitor, monitor, monitor," Clark said, noting that this includes things like keeping detection systems up to date, using outside sources to monitor exfiltration points for odd activity, and patching OSs and software.

"The key is to be aware of the challenges you are facing and keep from burying your head in the sand thinking that no one will go after me. You may not know it, but one of your devices may be part of a botnet right now," he said.

Published at DZone with permission of Liz Samet, DZone MVB. See the original article here.
