Persistent Bots: Five Ways They Stay Enmeshed in Your Network

Earlier this year, the developers of a malicious program created to infect Linux-based internet-of-things (IoT) devices found a way for it to automatically reinstall the malware following a reboot. The malware, known as Hide ’N Seek, is the first known example of an IoT botnet that can stick around after the user restarts a device.

Known as persistence, such a feature makes malware much harder to clean from compromised systems and will likely cause significant headaches for service providers and the owners of the devices, said Bogdan Botezatu, senior e-threat analyst with software security firm Bitdefender, which published an analysis of the malware on May 7.

"The rest of the (IoT) botnets, even if they have impressive numbers, fluctuate because they do not have persistence," Botezatu said. "While compromising an IoT device is pretty simple, achieving persistence is usually extremely difficult, because writing a binary to an IoT device requires root privileges."

Persistence has become a significant aspect of malicious software, one of 11 major tactics that online attackers incorporate into their code, according to the Adversarial Tactics, Techniques & Common Knowledge (ATT&CK) database managed by MITRE, a non-profit research/development center.
