The internet of things (IoT) botnet known as Hide and Seek (HNS) attacks victims' and company networks using router-based vulnerabilities such as CVE-2016-10401 to execute malicious code, escalate privileges and steal the victim's sensitive information.
HNS communicates over a peer-to-peer (P2P) network, a rare mechanism among IoT botnets: HNS is only the second IoT botnet to use P2P communication, after Hajime, which was the first.
Taking down a P2P network is a very difficult task, and many updates have been implemented in the HNS botnet over the past months.
An updated version of HNS contains exploits for AVTECH devices (webcams), Cisco Linksys routers, the JAWS/1.0 web server, Apache CouchDB and OrientDB, in addition to the two device types it already targeted.
HNS has also added the cpuminer mining program and support for the OrientDB and CouchDB databases.
So the HNS botnet is not only targeting IoT devices but is also working cross-platform, and HNS presently supports seven exploitation methods.
To avoid botnet attacks, enterprise networks should choose the best DDoS attack prevention services to ensure DDoS protection and protect their network.
HNS Botnet Sample Analysis
In the initial stage of the attack, the HNS botnet starts scanning the targeted victim's network; this scanning code is borrowed from the powerful Mirai botnet.
HNS scans for open ports including TCP ports 80, 8080, 2480, 5984 and 23, as well as other random ports.
According to 360 Netlab, once the implant finds a device with the relevant ports open, HNS uses the following exploits:
- TP-Link-Routers RCE
- Netgear RCE
- new: AVTECH RCE
- new: CISCO Linksys Router RCE
- new: JAWS/1.0 RCE
- new: OrientDB RCE
- new: CouchDB RCE
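A small detection heuristic for the scanning behaviour described above, written as an added example for defenders (it is not code from the original article or from 360 Netlab); the flow-record format, the constructed sample records and the alert thresholds are assumptions:

```python
from collections import defaultdict

# TCP ports the article says HNS probes (it also probes random ports not listed here).
HNS_SCAN_PORTS = {80, 8080, 2480, 5984, 23}

# Constructed sample flow records, "src dst proto dport"; not real traffic.
SAMPLE_FLOWS = """
10.0.0.5 192.168.1.10 tcp 80
10.0.0.5 192.168.1.11 tcp 8080
10.0.0.5 192.168.1.12 tcp 2480
10.0.0.5 192.168.1.13 tcp 5984
10.0.0.5 192.168.1.14 tcp 23
10.0.0.5 192.168.1.15 tcp 23
10.0.0.7 192.168.1.10 tcp 443
10.0.0.7 192.168.1.10 tcp 80
10.0.0.9 192.168.1.20 tcp 80
10.0.0.9 192.168.1.20 tcp 8080
"""

def parse_flows(text):
    """Parse whitespace-separated flow records into (src, dst, proto, dport) tuples."""
    flows = []
    for line in text.strip().splitlines():
        src, dst, proto, dport = line.split()
        flows.append((src, dst, proto.lower(), int(dport)))
    return flows

def find_hns_scanners(flows, min_ports=3, min_hosts=4):
    """Return {src: (sorted_ports, sorted_hosts)} for sources whose TCP flows touch
    at least `min_ports` distinct HNS ports across at least `min_hosts` distinct
    destinations. A single host probing one service (e.g. a web client) stays
    below both thresholds; the thresholds themselves are assumptions."""
    ports = defaultdict(set)
    hosts = defaultdict(set)
    for src, dst, proto, dport in flows:
        if proto == "tcp" and dport in HNS_SCAN_PORTS:
            ports[src].add(dport)
            hosts[src].add(dst)
    return {src: (sorted(ports[src]), sorted(hosts[src]))
            for src in ports
            if len(ports[src]) >= min_ports and len(hosts[src]) >= min_hosts}

if __name__ == "__main__":
    for src, (p, h) in find_hns_scanners(parse_flows(SAMPLE_FLOWS)).items():
        print(f"{src}: touched HNS ports {p} across {len(h)} hosts")
```

Tune the thresholds to the network's normal east-west traffic before alerting on the result; the random extra ports HNS probes are not covered by this port set.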
Apart from this, an HNS node uses three methods to find P2P peers: the first is a hard-coded built-in list, the second is command-line arguments, and the third is other P2P peers.
When the check-in process starts with no command-line arguments, the HNS node sends a large number of UDP check-in packets.
The interaction process between HNS nodes has many characteristics that let peer-to-peer interaction succeed and take down the victim's network using various powerful router-based exploits.
It uses 171 hard-coded P2P peer addresses, and the list is here.
An organization should always ensure and focus on the maximum protection level for its enterprise networks.
Therefore, companies and individuals who have networks running on their premises should be watchful and update their networks with recent patches.
Felix Onyenobi is a technology enthusiast who loves to write. He is a co-founder at SkyNet Digital Agency, and also a web developer, penetration tester and ethical hacker.