Routers with default passwords are attracting Mirai infections, Juniper says

Avatar

A specific line of Juniper Networks devices can easily become infected with Mirai malware if users don’t scrap their default passwords, the company says in an advisory.

Beginning December 11, customers started reporting “suspicious behavior” on their Session Smart Routers, Juniper says, and they had one thing in common: They were still using the factory-set passwords on the devices.

A variant of Mirai malware was scanning for such routers and, once infected, the devices were “subsequently used as a DDOS attack source” attempting to disrupt websites with junk traffic, Juniper says. The company does not mention how many devices were infected or where the attacks were directed.

As Juniper notes, Mirai is capable of a “a wide range of malicious activities” in addition to its use in DDoS attacks. Previous reports have noted that the malware has spread cryptominers and allowed “click fraud” to inflate the effectiveness of online ads.

Anyone with Session Smart Routers should immediately give them strong, unique passwords and continue to monitor for suspicious network activity such as unusual port scanning, increased login attempts and spikes in outbound internet traffic, Juniper says.

“If a system is found to be infected, the only certain way of stopping the threat is by reimaging the system as it cannot be determined exactly what might have been changed or obtained from the device,” the advisory says.

Connected devices such as routers and cameras make prime targets for Mirai, which often exploits software bugs to spread. Default login credentials make intrusions much easier.

CybercrimeIndustryNewsNews BriefsTechnology
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Joe Warminsky

is the news editor for Recorded Future News. He has more than 25 years experience as an editor and writer in the Washington, D.C., area. He previously he helped lead CyberScoop for more than five years. Prior to that, he was a digital editor at WAMU 88.5, the NPR affiliate in Washington, and he spent more than a decade editing coverage of Congress for CQ Roll Call.

 

Total
0
Shares
Previous Post

Thousands Download Malicious npm Libraries Impersonating Legitimate Tools

Next Post

US seeks extradition of alleged LockBit ransomware developer from Israel

Related Posts

The ROI of Security Investments: How Cybersecurity Leaders Prove It

Cyber threats are intensifying, and cybersecurity has become critical to business operations. As security budgets grow, CEOs and boardrooms are demanding concrete evidence that cybersecurity initiatives deliver value beyond regulation compliance. Just like you wouldn’t buy a car without knowing it was first put through a crash test, security systems must also be validated to confirm their value.
Avatar
Read More