Protecting Your Business (and Home) From The HEH Botnet

There's a new IoT botnet spreading like wildfire, and it contains a concerning feature: the ability to wipe infected systems. Here's how to protect yourself.

It wasn’t a question of if. It was a matter of when. Thanks to its security shortcomings, the Internet of Things (IoT) is the perfect target for criminals looking to build a botnet. And the scale to which these new IoT-based networks can grow is frightening, to say the least.

We’ve already seen the damage that a botnet of this caliber can cause. And it’s going to get worse before it gets better. That’s why it’s no surprise that last month, researchers identified yet another newcomer to the IoT botnet space, called HEH. 

At first glance, it’s fairly bog-standard. As reported by tech publication ZDNet, it spreads by launching automated, brute-force attacks against Internet-connected systems with open Telnet ports. As for what the botnet does when it gains access? Nothing. 

It doesn’t have the capacity to launch DDoS attacks. It doesn’t attempt to mine cryptocurrency. It doesn’t try to exfiltrate or sniff out data. Instead, it simply leverages newly-infected devices to help it continue spreading.

Here’s where it gets concerning. HEH does contain code that allows an attacker to run shell commands on any infected device. And it also contains a kill switch that completely wipes said device. In other words, this botnet could potentially spread to thousands, perhaps even hundreds of thousands of connected endpoints, and then turn them into paperweights.

There’s some good news here, mind you. 

Unlike some other botnets, HEH is relatively easy to defend against. Simply make sure your Telnet ports are closed on any devices that don’t need them open. And beyond that, it’s simply a matter of doing the things you already should have been doing.

  • Replace default credentials on all connected devices. 
  • Make sure to use strong, unique passwords for all logins, and don’t reuse passwords.
  • Monitor your network, both personal and professional, for any signs of suspicious or unusual activity.
  • Retain backups of all critical systems and data.
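
One way to act on the monitoring advice above, as an added example that is not from the original article: a short Python check over flow records that flags a device on your network contacting many outside hosts over Telnet (the spreading behaviour described earlier) and any device whose Telnet port is being reached from outside. The record format, the 192.168.1.0/24 range, port 2323 and the threshold are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

INTERNAL = ipaddress.ip_network("192.168.1.0/24")  # assumption: your LAN range
TELNET_PORTS = {23, 2323}  # 23 is standard Telnet; 2323 is an assumed alternate
FANOUT_THRESHOLD = 5       # assumption: distinct outside targets before alerting

# Constructed flow records from one capture window: "src dst dport proto"
SAMPLE_FLOWS = """\
192.168.1.50 203.0.113.1 23 tcp
192.168.1.50 203.0.113.2 23 tcp
192.168.1.50 203.0.113.3 2323 tcp
192.168.1.50 203.0.113.4 23 tcp
192.168.1.50 203.0.113.5 23 tcp
192.168.1.50 203.0.113.5 23 tcp
192.168.1.10 198.51.100.7 23 tcp
192.168.1.10 198.51.100.8 443 tcp
198.51.100.99 192.168.1.60 23 tcp
192.168.1.50 192.168.1.1 53 udp
192.168.1.10 bad-host 23 tcp
this line is malformed
"""

def parse_flows(text):
    """Yield (src, dst, dport, proto) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield (ipaddress.ip_address(parts[0]), ipaddress.ip_address(parts[1]),
                   int(parts[2]), parts[3].lower())
        except ValueError:
            continue

def telnet_findings(text, threshold=FANOUT_THRESHOLD):
    """Flag LAN hosts fanning out over Telnet and LAN hosts contacted from outside."""
    fanout = defaultdict(set)  # LAN source -> distinct outside Telnet targets
    exposed = set()            # LAN hosts contacted from outside on a Telnet port
    for src, dst, dport, proto in parse_flows(text):
        if proto != "tcp" or dport not in TELNET_PORTS:
            continue
        if src in INTERNAL and dst not in INTERNAL:
            fanout[str(src)].add(str(dst))
        elif dst in INTERNAL and src not in INTERNAL:
            exposed.add(str(dst))
    spreading = sorted(h for h, targets in fanout.items() if len(targets) >= threshold)
    return {"spreading": spreading, "exposed": sorted(exposed)}
```

A host listed under "spreading" is a candidate for isolation and a credential reset; a host under "exposed" should have Telnet closed or blocked at the router.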

Of course, botnets like HEH are rarely any threat to people like us. We understand exactly how insecure our connected devices are, and we know how to protect them. The people who will truly end up being hit hard by this botnet and others like it are those without extensive technical knowledge.

With that in mind, it may be worthwhile to speak to your colleagues about putting out a brief. Explain to your users what HEH is, how it works, and how to defend against it and other malicious software like it. You’ve no guarantee that everyone will take your advice.

But if you can help even a few people avoid getting their entire smart home bricked, it will be worth it.