Virtual Event Today: Cloud & Data Security Summit - Join Event In-Progress
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Juniper Warns of Mirai Botnet Targeting Session Smart Routers

Juniper Networks says a Mirai botnet is ensnaring session smart router devices that are using default passwords.

Juniper Networks routers using default passwords have been targeted in a botnet infection campaign, the networking products manufacturer warns.

According to the company, multiple customers reported a week ago suspicious behavior on their session smart routers (SSR), which was determined to be an infection with Mirai malware.

All the impacted systems were using default credentials, were ensnared in a botnet, and were used to launch distributed denial-of-service (DDoS) attacks against other systems.

“Any customer not following recommended best practices and still using default passwords can be considered compromised as the default SSR passwords have been added to the virus database,” Juniper notes in an advisory.

The malware scans the internet for devices that are using default usernames and passwords, attempts to gain access to them, and then allows threat actors to execute various commands remotely to perform malicious activities, including launching DDoS attacks.

Juniper advises organizations to monitor for unusual port scanning activity (such as connection attempts to TCP port 23), failed SSH login attempts indicating brute-force attacks, spikes in outbound traffic volume to unknown external IPs, unexpected device reboots and erratic behavior, and connections from known malicious IP addresses.

Advertisement. Scroll to continue reading.

“If a system is found to be infected, the only certain way of stopping the threat is by reimaging the system as it cannot be determined exactly what might have been changed or obtained from the device,” Juniper notes.

Organizations are advised to change the default credentials on all routers and implement strong, unique passwords for each device, regularly review access logs to identify suspicious activity, use firewalls to block unauthorized access, monitor network behavior, and ensure that their devices are kept always updated.

“By staying vigilant and implementing these best practices, organizations can reduce their risk of falling victim to Mirai and similar malware,” Juniper says.

Related: Citrix Warns of Password Spraying Attacks Targeting NetScaler Appliances

Related: Password Report: Honeypot Data Shows Bot Attack Trends Against RDP, SSH

Related: Microsoft Disrupts Infrastructure Used by Russia’s Hackers in Ukraine Attacks

Related: Dozens of Dormant North American Networks Suspiciously Resurrected at Once

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

N-able has appointed Russell Rosa as Chief Revenue Officer.

Stacy O'Mara has joined Armadin as Chief Policy Officer and Director of Global Government Affairs.

F5 has appointed Cathy Peterman as Chief People Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.