- Juniper Networks warns that Mirai botnet is searching for vulnerable routers
- The campaign began in mid-December 2024 and includes DDoS attacks
- Users should tighten security, researchers say
Mirai botnet operators are back and looking for easy-to-compromise Session Smart routers to take over, experts have warned.
Cybersecurity researchers at Juniper Networks, who recently published a security advisory warning customers about the threat, noted that the malware is scanning for internet-connected Session Smart routers that use default login credentials.
Routers that fall into this category are accessed and used for a wide variety of malicious activities, primarily distributed denial of service (DDoS) attacks. The campaign apparently began on December 11 and may still be ongoing.
Mirai's turbulent past
“On Wednesday, December 11, 2024, several customers reported suspicious behavior on their Session Smart Network (SSN) platforms,” Juniper said in the security advisory. “Any customers who do not follow recommended best practices and continue to use default passwords may be considered compromised as the default SSR passwords have been added to the virus database.”
The best way to protect yourself against the threat is to ensure that your internet-connected devices are not using factory login credentials. Instead, they should be protected with strong passwords and, if possible, placed behind a firewall.
The Mirai botnet is famous for attacking Internet of Things (IoT) devices and then using them to launch massive DDoS attacks. It is also known to exploit weak or default credentials on devices such as routers, cameras, and other IoT hardware. It was first detected in 2016, but gained notoriety after attacking Krebs on Security in September 2016 and mounting the Dyn DNS attack in October 2016.
Mirai is possibly the most popular botnet out there, but it is not the only threat. StormBot, Mozi, Satori and Mantis are malware variants also known for launching disruptive attacks on the web. Mirai has also survived multiple takedown attempts, including the 2016 source code leak, the 2017 arrest of its developers, and multiple police campaigns.
Via BleepingComputer