Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Juniper Warns of Mirai Botnet Targeting Session Smart Routers

Juniper Networks says a Mirai botnet is ensnaring session smart router devices that are using default passwords.

Juniper Networks routers using default passwords have been targeted in a botnet infection campaign, the networking products manufacturer warns.

According to the company, multiple customers reported a week ago suspicious behavior on their session smart routers (SSR), which was determined to be an infection with Mirai malware.

All the impacted systems were using default credentials, were ensnared in a botnet, and were used to launch distributed denial-of-service (DDoS) attacks against other systems.

“Any customer not following recommended best practices and still using default passwords can be considered compromised as the default SSR passwords have been added to the virus database,” Juniper notes in an advisory.

The malware scans the internet for devices that are using default usernames and passwords, attempts to gain access to them, and then allows threat actors to execute various commands remotely to perform malicious activities, including launching DDoS attacks.

Juniper advises organizations to monitor for unusual port scanning activity (such as connection attempts to TCP port 23), failed SSH login attempts indicating brute-force attacks, spikes in outbound traffic volume to unknown external IPs, unexpected device reboots and erratic behavior, and connections from known malicious IP addresses.

“If a system is found to be infected, the only certain way of stopping the threat is by reimaging the system as it cannot be determined exactly what might have been changed or obtained from the device,” Juniper notes.

Organizations are advised to change the default credentials on all routers and implement strong, unique passwords for each device, regularly review access logs to identify suspicious activity, use firewalls to block unauthorized access, monitor network behavior, and ensure that their devices are kept always updated.

Advertisement. Scroll to continue reading.

“By staying vigilant and implementing these best practices, organizations can reduce their risk of falling victim to Mirai and similar malware,” Juniper says.

Related: Citrix Warns of Password Spraying Attacks Targeting NetScaler Appliances

Related: Password Report: Honeypot Data Shows Bot Attack Trends Against RDP, SSH

Related: Microsoft Disrupts Infrastructure Used by Russia’s Hackers in Ukraine Attacks

Related: Dozens of Dormant North American Networks Suspiciously Resurrected at Once

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

MorganFranklin Cyber has appointed Keith Hollender as CEO and member of the Board of Directors.

Lisa Banks has been named Chief Financial Officer at Abnormal Security.

Threat detection and response company Trellix has appointed Vishal Rao as its new CEO.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.