Tuesday, March 19, 2024

HNS IoT Botnet Compromised More than 14k Devices that Spreads from Asia to the United States

A new IoT Botnet dubbed HNS is growing phenomenally and spreads from Asia to the United States.The HNS IoT Botnet features a worm-like mechanism and embeds numerous commands such as data exfiltration, code execution and interference with a device’s operation.

The Bot was uncovered by Bitdefender Security researchers, they first spotted the bot by Jan. 10 and then it faded up and comes back significantly in more improved form by Jan. 20.

It utilizes the same exploit(CVE-2016-10401) as Reaper done and other vulnerabilities in the networking components.

The bot growing enormously and geographically distributed, initially it started as 12-device network and now it counts more than 14k.

HNS IoT Botnet
Source:’ Bitdefender
Much like anything nowadays, even IoT can go under attack by the individuals who know how to tackle its potential for malice. So it perhaps didn’t come as any big surprise that back in October 2016, Mirai (Japanese for “the future”), a malware surfaced attacking IoT devices such as IP cameras and home routers turning them into “bots”.

HNS IoT Botnet Operation

HNS bot has a worm-like spreading mechanism and randomly generates victim IP list. Later it initiates SYN connection to host and established communication if it get’s response from destination ports (23 2323, 80, 8080).

Researchers said "Once the connection has been established, the bot looks
for a specific banner (“buildroot login:”) presented by the victim. If it
gets this login banner, it attempts to log in with a set of predefined
credentials. If that fails, the botnet attempts a dictionary attack using
a hardcoded list".

Once the Bot has a new victim it identifies the target victim and select attack method suitable for the device.If the victims are through LAN and not over the Internet it setup TFTP server to download the malware and if the victim over the Internet it attempts a remote code delivery.

All the attack techniques are preconfigured and the bot decides attack vector based on the victim.It also has a custom-built p2p communication mechanism. Bitdefender published a technical report with communication mechanism and supported commands.

Mitigations – HNS IoT Botnet

The bot is not a persistent one, so a reboot could clean the device.

Hashes

efcd7a5fe59ca8223cd282bfe501a2f92b18312c
05674f779ebf9dc6b0176d40ff198e94f0b21ff9

As with any new technology, IoT promises to be the future of the Internet, bringing better connectivity and ease of use of the devices we use, but these botnet attacks show, an equal amount of stress must be placed on security.

Website

Latest articles

CryptoWire Ransomware Attacking Abuses Schedule Task To maintain Persistence

AhnLab security researchers detected a resurgence of CryptoWire, a ransomware strain originally prevalent in...

E-Root Admin Sentenced to 42 Months in Prison for Selling 350,000 Credentials

Tampa, FL – In a significant crackdown on cybercrime, Sandu Boris Diaconu, a 31-year-old...

WhiteSnake Stealer Checks for Mutex & VM Function Before Execution

A new variant of the WhiteSnake Stealer, a formidable malware that has been updated...

Researchers Hack AI Assistants Using ASCII Art

Large language models (LLMs) are vulnerable to attacks, leveraging their inability to recognize prompts...

Microsoft Deprecate 1024-bit RSA Encryption Keys in Windows

Microsoft has announced an important update for Windows users worldwide in a continuous effort...

Beware Of Free wedding Invite WhatsApp Scam That Steal Sensitive Data

The ongoing "free wedding invite" scam is one of several innovative campaigns aimed at...

Hackers Using Weaponized SVG Files in Cyber Attacks

Cybercriminals have repurposed Scalable Vector Graphics (SVG) files to deliver malware, a technique that...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles