Juniper Networks routers using default passwords have been targeted in a botnet infection campaign, the networking products manufacturer warns.
According to the company, a week ago multiple customers reported suspicious behavior on their session smart routers (SSR), which was determined to be the result of a Mirai malware infection.
All the impacted systems were using default credentials, were ensnared in a botnet, and were used to launch distributed denial-of-service (DDoS) attacks against other systems.
“Any customer not following recommended best practices and still using default passwords can be considered compromised as the default SSR passwords have been added to the virus database,” Juniper notes in an advisory.
The malware scans the internet for devices that are using default usernames and passwords, attempts to gain access to them, and then allows threat actors to execute various commands remotely to perform malicious activities, including launching DDoS attacks.
Juniper advises organizations to monitor for unusual port scanning activity (such as connection attempts to TCP port 23), failed SSH login attempts indicating brute-force attacks, spikes in outbound traffic volume to unknown external IPs, unexpected device reboots and erratic behavior, and connections from known malicious IP addresses.
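Two of these indicators, repeated failed SSH logins from one source and a device probing TCP port 23 on many hosts, can be checked with a short script. The following is an added example, not code from Juniper or its advisory. The log formats, thresholds, hostnames, and addresses are assumptions, and the sample data is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data, not taken from Juniper's advisory. Assumed formats:
# OpenSSH-style syslog lines with ISO timestamps, and "time src dst dport" flows.
AUTH_LOG = [
    f"2024-12-11T10:00:{s:02d} ssr1 sshd[811]: Failed password for {who} "
    f"from 203.0.113.7 port {40000 + s} ssh2"
    for s, who in enumerate(["root", "invalid user admin", "root", "invalid user guest", "root"])
] + [
    "2024-12-11T10:05:00 ssr1 sshd[812]: Failed password for root from 198.51.100.9 port 50211 ssh2",
    "2024-12-11T10:06:00 ssr1 sshd[813]: Accepted password for netops from 192.0.2.10 port 50300 ssh2",
]
FLOWS = [f"2024-12-11T10:10:{n:02d} 10.0.0.1 198.51.100.{20 + n} 23" for n in range(4)] + [
    "2024-12-11T10:10:04 10.0.0.2 192.0.2.53 443",
    "2024-12-11T10:10:05 10.0.0.3 192.0.2.99 23",
]
FAILED = re.compile(
    r"^(\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

def ssh_bruteforce_sources(lines, threshold=5, window=timedelta(seconds=60)):
    """Source IPs with at least `threshold` failed logins inside one time window."""
    seen = defaultdict(list)
    for line in lines:
        m = FAILED.match(line)
        if m:
            seen[m.group(2)].append(datetime.fromisoformat(m.group(1)))
    flagged = set()
    for ip, stamps in seen.items():
        stamps.sort()
        # Compare each failure with the one (threshold - 1) positions later.
        if any(b - a <= window for a, b in zip(stamps, stamps[threshold - 1:])):
            flagged.add(ip)
    return flagged

def telnet_probers(flows, min_targets=3):
    """Sources that attempted TCP/23 to at least `min_targets` distinct hosts."""
    targets = defaultdict(set)
    for rec in flows:
        _, src, dst, dport = rec.split()
        if dport == "23":
            targets[src].add(dst)
    return {src for src, dsts in targets.items() if len(dsts) >= min_targets}

if __name__ == "__main__":
    print("SSH brute-force sources:", sorted(ssh_bruteforce_sources(AUTH_LOG)))
    print("TCP/23 probers:", sorted(telnet_probers(FLOWS)))
```

A router of your own appearing in the TCP/23 prober set is the stronger signal of the two, since it suggests the device itself is scanning for other targets.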
“If a system is found to be infected, the only certain way of stopping the threat is by reimaging the system as it cannot be determined exactly what might have been changed or obtained from the device,” Juniper notes.
Organizations are advised to change the default credentials on all routers and implement strong, unique passwords for each device, regularly review access logs to identify suspicious activity, use firewalls to block unauthorized access, monitor network behavior, and ensure that their devices are always kept up to date.
“By staying vigilant and implementing these best practices, organizations can reduce their risk of falling victim to Mirai and similar malware,” Juniper says.