A new attack campaign utilizing updated instances of the Hide ‘N Seek IoT botnet is currently attacking users worldwide. The security analysis of the captured samples shows that the updated code includes support for a wide range of database servers. This gives hacking groups a very formidable weapon that they can utilize in advanced attacks.
Hide ‘N Seek IoT Botnet Updated With New Capabilities
Newly captured strains of the Hide ‘N Seek IoT botnet have been found to contain an updated code base. The captured strains reveal that the new versions of the malware can target various database servers, thus presenting an even bigger threat.
The first versions of Hide ‘N Seek were found in January in large-scale global campaigns that were able to infect thousands of devices in a swift manner. The conducted analysis shows that the hackers behind the infiltrations used numerous vulnerabilities to find a weakness and infect the target host. By the beginning of May 2018, statistics indicated that the botnet had infected over 90 000 hosts. Other additions to it at that time included a new persistence module.
Such additions reconfigure the target system’s settings in order to automatically start the malware once the device is powered on. The module reconfigures the boot settings in order to bypass any services or applications that can interfere with its correct execution. If Windows devices are infected, the engine can modify the respective Registry entries by modifying the ones belonging to the boot manager; in addition, it can install entries belonging to itself.
Hide ‘N Seek IoT Botnet Mechanism of Infection
The infections are carried out in a P2P manner that does not rely on a centralized location from which the attacks are launched. This makes it much more effective ...
*** This is a Security Bloggers Network syndicated blog from How to, Technology and PC Security Forum authored by Martin Beltov. Read the original post at: https://sensorstechforum.com/hide-n-seek-iot-botnet-updated/