Peer-to-peer botnets have become the latest threat, and boy, oh boy, they are spreading fast.
What’s going on?
The vicious HEH botnet has surfaced that is capable of wiping every piece of data from infected systems. This P2P botnet, written in GoLang, has been observed targeting a variety of IoT devices with weakly protected or exposed telnet services.
What does this imply?
This new botnet is part of SSH-targeting malware tools written in GoLang. As the Go programming language offers a wide array of community-supported modules, its increasing use points to a new generation of malware and capabilities.
Other P2P incidents
- The Mozi botnet rose to prominence in October 2019 and still continues to attack IoT devices. This botnet conducts DDoS attacks, sends spam, and steals data.
- The FrtizFrog botnet is another based on GoLang and leaves no trace on the infected disk. It has attempted to brute-force approx. 500 SSH servers belonging to various sectors, including government, healthcare, and telecom. Its main purpose is to mine for cryptocurrency using an XMRig miner.
- Other P2P botnets terrorizing cyberspace include Kaiji and IRCflu.
The bottom line
As the threat landscape continues to shift, threat actors are shifting to newer tactics to exploit new kinds of attack vectors. IoT devices are under constant attack and thus, organizations need to be cognizant of such threats.