Security researchers warn of new botnet with "bricking" capabilities
By Max Burkhalter, October 13, 2020
The internet of things continues to expand at a staggering pace, introducing complex security challenges into modern work environments. Although innovative IoT devices offer new levels of convenience and interconnectivity, most do not come with any built-in security features. This leaves organizations open to a wide range of cyberthreats, from phishing and malware to brute-force attacks against key applications and data stores. To prevent data loss, business disruption and reputational harm, companies must stay on top of new hacking techniques and take steps to mitigate them in the long term.
New botnet capable of wiping IoT devices surfaces
In October 2020, researchers from 360Netlab released a security alert warning consumers and businesses about a new botnet, named HEH Botnet, that is capable of wiping data from IoT devices, servers and routers. This advanced botnet can quickly replicate itself by launching brute-force attacks against internet-connected systems that have Telnet ports (23 and 2323) exposed online. As such, companies that never updated the default credentials of their IoT devices and networking infrastructure face the biggest risk.
Unlike other botnets, HEH Botnet doesn't contain any "offensive features" that are common with these types of cyberthreats, including the ability to launch DDoS attacks, install crypto-mining applications or relay traffic to a compromised data store. Instead, the botnet is intended to dupe infected devices into performing Telnet brute-force attacks across the internet, adding new endpoints to its network. When the HEH Botnet gains control over a computer system or device, malicious actors can send predefined shell operations capable of wiping out all partitions.
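Because infected devices are made to brute-force Telnet across the internet, one sign of infection is an internal host contacting many distinct external addresses on TCP 23 or 2323. The detection sketch below is an added example, not code from 360Netlab or the original article; the flow-record format, the threshold of 5, the internal address ranges and the sample records are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

TELNET_PORTS = {23, 2323}  # the two ports the article names
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]  # assumed

# Constructed flow records (not real traffic): "time src dst dst_port proto"
SAMPLE_FLOWS = """\
02:14:01 10.0.5.21 203.0.113.7 23 tcp
02:14:01 10.0.5.21 203.0.113.8 2323 tcp
02:14:02 10.0.5.21 198.51.100.40 23 tcp
02:14:02 10.0.5.21 198.51.100.41 23 tcp
02:14:03 10.0.5.21 192.0.2.15 2323 tcp
02:14:03 10.0.5.21 192.0.2.16 23 tcp
02:14:03 10.0.5.21 192.0.2.16 23 tcp
09:30:12 10.0.1.10 10.0.1.1 23 tcp
09:31:40 10.0.1.10 203.0.113.7 23 tcp
09:32:05 10.0.2.33 198.51.100.40 443 tcp
garbled line
""".splitlines()


def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)


def parse_flow(line):
    """Return (src, dst, port, proto) or None for a malformed record."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return (ipaddress.ip_address(parts[1]), ipaddress.ip_address(parts[2]),
                int(parts[3]), parts[4].lower())
    except ValueError:
        return None


def telnet_fanout(lines, threshold=5):
    """Map each internal source to the distinct external hosts it contacted
    on a Telnet port, keeping sources that reached `threshold` or more."""
    targets = defaultdict(set)
    for src, dst, port, proto in filter(None, map(parse_flow, lines)):
        if (proto == "tcp" and port in TELNET_PORTS
                and is_internal(src) and not is_internal(dst)):
            targets[str(src)].add(str(dst))
    return {s: sorted(d) for s, d in targets.items() if len(d) >= threshold}


if __name__ == "__main__":
    for src, dsts in telnet_fanout(SAMPLE_FLOWS).items():
        print(f"{src}: {len(dsts)} external Telnet destinations: {dsts}")
```

Repeated connections to the same destination count once, and Telnet sessions to internal equipment are ignored, so a single administrative login does not trip the check.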
Hacking vs. bricking
The rise of HEH Botnet represents a turning point for cybersecurity that many organizations were unprepared for. While hackers have always sought to steal sensitive information, cause chaos in private networks and disrupt the user experience, outright "bricking" of devices hasn't been as common. Back in 2019, a 14-year-old hacker managed to render up to 4,000 insecure IoT devices inoperable, ThreatPost reported, but quickly shut down his command and control server before more damage was done.
This new round of malware-fueled botnets has a much more destructive feature set than previous versions, which is why companies must take steps to insulate their devices from malicious actors. When devices are bricked, IT managers will be unable to repair or restore them to their previous settings due to damaged firmware. For large companies that own, host and manage massive fleets of IoT devices, this could mean replacing hundreds of devices at a time, leading to missed business opportunities and a lot of unplanned downtime.
The auto manufacturing industry, in particular, must aggressively protect its IoT sensors and routers from these types of Telnet attacks. This is because large manufacturing plants are highly interconnected, allowing botnet malware to quickly spread through key systems and control servers. Considering downtime can cost up to $22,000 per minute in the auto industry, according to a study from Nielsen Research, it's crucial to make proactive cybersecurity improvements that won't impact daily operations.
Perle offers reliable connectivity tools that can help organizations maximize their network and IoT device security. Our industrial-grade Ethernet switches and console servers are designed to work within big data environments that rely on the uninterrupted flow of information between disparate endpoints. Read some of our customer stories to find out more.