Security researchers at Netlab have recently reported on their discovery of a terrifying new botnet on the web.
Dubbed HEH, this botnet is a different sort of threat. Unlike most others, this one is not designed to launch DDOS attacks or install malicious code.
Its purpose is much simpler, and it only does two things.
First, it performs brute force attacks to capture IoT devices, adding them to its collective. Second, it executes a shortlist of predefined shell commands designed to wipe out all of a target device’s partitions. It is both simple and potentially devastating.
The existence of the HEH botnet in its current form is something of a head-scratcher for the researchers who found it. At this point, they’re not sure if the botnet is functioning as it was intended, or if it was simply badly programmed and was originally designed to do something else. Whether HEH is the way it is by design, or the accidental creation of a group of as yet unidentified hackers who don’t know code very well, the bottom line is that HEH is a legitimate threat and something to keep a watchful eye on.
Most hackers do what they do because there’s money in it. They can break into a target network and either steal and/or encrypt files and then demand payment to fix the problem they created. HEH isn’t like that at all. The only thing it can be used for is destruction, and if it hits your network, it will wipe out everything.
Worse, the botnet is growing at a rapid clip because so many IoT devices have little to no protection against even rudimentary attacks. So, more and more devices are getting added to the collective on a daily basis. This one definitely bears watching.