Monday, March 10, 2025

Juniper Warns of Mirai Botnet Targeting SSR Devices with Default Passwords


Juniper Networks is warning that Session Smart Router (SSR) products with default passwords are being targeted as part of a malicious campaign that deploys the Mirai botnet malware.

The company said it is issuing the advisory after “several customers” reported anomalous behavior on their Session Smart Network (SSN) platforms on December 11, 2024.

“These systems have been infected with the Mirai malware and were subsequently used as a DDOS attack source to other devices accessible by their network,” it said. “The impacted systems were all using default passwords.”

Mirai, which had its source code leaked in 2016, has spawned several variants over the years. The malware is capable of scanning for known vulnerabilities as well as default credentials to infiltrate devices and enlist them into a botnet for mounting distributed denial-of-service (DDoS) attacks.

To mitigate such threats, organizations are recommended to change their passwords with immediate effect to strong, unique ones (if not already), periodically audit access logs for signs of suspicious activity, use firewalls to block unauthorized access, and keep software up-to-date.


Some of the indicators associated with Mirai attacks include unusual port scanning, frequent SSH login attempts indicating brute-force attacks, increased outbound traffic volume to unexpected IP addresses, random reboots, and connections from known malicious IP addresses.
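The "frequent SSH login attempts" indicator can be checked directly against sshd logs. The sketch below is an added example, not taken from Juniper's advisory: it assumes OpenSSH password-auth messages in classic syslog format, and the host name, IP addresses, threshold and window are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH password-auth messages in classic syslog format (timestamp has no year).
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def detect_bruteforce(lines, threshold=5, window=timedelta(seconds=60), year=2024):
    """Flag source IPs with >= threshold failed logins inside a sliding window,
    and record any login that succeeds from an IP that is already flagged."""
    recent = defaultdict(deque)          # ip -> failure timestamps still in window
    findings = {}                        # ip -> {"peak": int, "accepted": [users]}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                     # not an sshd password-auth line
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if m["result"] == "Failed":
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:    # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                hit = findings.setdefault(ip, {"peak": 0, "accepted": []})
                hit["peak"] = max(hit["peak"], len(q))
        elif ip in findings:             # success after a burst: likely guessed password
            findings[ip]["accepted"].append(m["user"])
    return findings

# Constructed sample log (documentation-range IPs, hypothetical host name).
SAMPLE = """\
Dec 11 03:14:01 ssr-lab sshd[2211]: Failed password for root from 203.0.113.7 port 40112 ssh2
Dec 11 03:14:03 ssr-lab sshd[2213]: Failed password for invalid user admin from 203.0.113.7 port 40118 ssh2
Dec 11 03:14:05 ssr-lab sshd[2215]: Failed password for root from 203.0.113.7 port 40121 ssh2
Dec 11 03:14:07 ssr-lab sshd[2217]: Failed password for invalid user support from 203.0.113.7 port 40125 ssh2
Dec 11 03:14:09 ssr-lab sshd[2219]: Failed password for root from 203.0.113.7 port 40130 ssh2
Dec 11 03:14:11 ssr-lab sshd[2221]: Failed password for root from 203.0.113.7 port 40133 ssh2
Dec 11 03:14:13 ssr-lab sshd[2223]: Accepted password for root from 203.0.113.7 port 40137 ssh2
Dec 11 09:00:02 ssr-lab sshd[3100]: Failed password for ops from 198.51.100.20 port 51514 ssh2
Dec 11 09:00:10 ssr-lab sshd[3102]: Accepted password for ops from 198.51.100.20 port 51520 ssh2
""".splitlines()

if __name__ == "__main__":
    for ip, hit in detect_bruteforce(SAMPLE).items():
        print(ip, hit)
```

A non-empty `accepted` list is the case that matters most here: a successful login from a source that was just guessing passwords.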

“If a system is found to be infected, the only certain way of stopping the threat is by reimaging the system as it cannot be determined exactly what might have been changed or obtained from the device,” the company said.


The development comes as the AhnLab Security Intelligence Center (ASEC) revealed that poorly managed Linux servers, particularly publicly exposed SSH services, are being targeted by a previously undocumented DDoS malware family dubbed cShell.

“cShell is developed in the Go language and is characterized by exploiting Linux tools called screen and hping3 to perform DDoS attacks,” ASEC said.
