Summary: Juniper Networks has issued a warning regarding the vulnerability of their Session Smart Routers to Mirai malware due to the use of default passwords. Infected devices can be exploited for DDoS attacks and other malicious activities, emphasizing the need for strong, unique passwords.
Threat Actor: Mirai Botnet | Mirai
Victim: Juniper Networks Customers | Juniper Networks
Key Point :
- Default passwords on Session Smart Routers make them susceptible to Mirai malware.
- Infected routers can be used as sources for DDoS attacks, disrupting targeted websites.
- Users are advised to change factory-set passwords and monitor for unusual network activity.
- Reimaging the system is necessary if a device is found to be infected to eliminate the threat.
- Mirai exploits connected devices, making them prime targets for various malicious activities.
A specific line of Juniper Networks devices can easily become infected with Mirai malware if users don’t scrap their default passwords, the company says in an advisory.
Beginning December 11, customers started reporting “suspicious behavior” on their Session Smart Routers, Juniper says, and they had one thing in common: They were still using the factory-set passwords on the devices.
A variant of Mirai malware was scanning for such routers and, once infected, the devices were “subsequently used as a DDOS attack source” attempting to disrupt websites with junk traffic, Juniper says. The company does not mention how many devices were infected or where the attacks were directed.
As Juniper notes, Mirai is capable of a “a wide range of malicious activities” in addition to its use in DDoS attacks. Previous reports have noted that the malware has spread cryptominers and allowed “click fraud” to inflate the effectiveness of online ads.
Anyone with Session Smart Routers should immediately give them strong, unique passwords and continue to monitor for suspicious network activity such as unusual port scanning, increased login attempts and spikes in outbound internet traffic, Juniper says.
“If a system is found to be infected, the only certain way of stopping the threat is by reimaging the system as it cannot be determined exactly what might have been changed or obtained from the device,” the advisory says.
Connected devices such as routers and cameras make prime targets for Mirai, which often exploits software bugs to spread. Default login credentials make intrusions much easier.
Recorded Future
Intelligence Cloud.
Source: https://therecord.media/routers-with-default-passwords-mirai-malware-juniper