Default Passwords Plague Juniper: Mirai Botnet Exploits SSR Devices
Juniper Networks has issued a warning about a new malicious campaign targeting Session Smart Router (SSR) devices through the Mirai malware. This campaign exploits systems with default passwords, enabling attackers to integrate compromised devices into a botnet for executing distributed denial-of-service (DDoS) attacks.
On December 12, 2024, Juniper released an advisory following numerous reports from clients regarding unusual network behavior. Investigations revealed that the affected systems had been infected with Mirai malware and were being used to launch attacks on other devices.
Active since 2016, Mirai gained notoriety when its source code was publicly released. The malware is capable of scanning devices for vulnerabilities and weak passwords, enlisting them into a botnet for coordinated attacks.
Juniper advises organizations to immediately replace default credentials with unique, robust passwords, regularly monitor access logs for suspicious activity, employ firewalls to prevent unauthorized access, and ensure timely software updates.
Indicators of Mirai infection include aggressive port scanning, repeated SSH login attempts, increased outbound traffic volumes, unexpected system reboots, and connections from malicious IP addresses. The only definitive solution to eliminate the threat is a complete system restoration.
Simultaneously, experts from the AhnLab Security Intelligence Center (ASEC) have identified a new threat: the cShell malware, which targets poorly managed Linux servers with open SSH access. Written in Go, cShell leverages tools like screen and hping3 to facilitate its attacks, posing a significant risk to vulnerable systems.