Juniper Networks warns that a Mirai botnet is targeting SSR devices with default passwords after unusual activity was reported on December 11, 2024.
Juniper Networks is warning that a Mirai botnet is targeting Session Smart Router (SSR) products with default passwords.
Multiple customers reported anomalous activity on their Session Smart Network (SSN) platforms on December 11, 2024. Threat actors initially compromised the devices, and then employed them in DDoS attacks.
“On Wednesday, December 11, 2024, several customers reported suspicious behavior on their Session Smart Network (SSN) platforms. These systems have been infected with the Mirai malware and were subsequently used as a DDOS attack source to other devices accessible by their network.” read the report published by Juniper Networks. “The impacted systems were all using default passwords.”
Mirai bot exploits devices using default credentials, enabling remote command execution through SSH attacks to facilitate various malicious activities, including DDoS attacks.
Signs of Mirai activity include unusual port scanning, frequent failed SSH logins, spikes in outbound traffic, erratic device behavior, and connections from malicious IPs.
To mitigate the exposure to these threats, users are recommended to change default credentials, use strong passwords, review access logs, employ firewalls and IDS/IPS, and keep firmware up-to-date.
Below are actions recommended by Juniper Networks:
- Strengthen Security Practices:
- Change default credentials on all SSRs.
- Implement strong, unique passwords across devices.
- Monitor Logs:
- Regularly review access logs for anomalies and set alerts for suspicious activity.
- Use Firewalls and IDS/IPS:
- Employ firewalls to block unauthorized access and intrusion detection systems to monitor network behavior.
- Keep Software Updated:
- Apply the latest firmware updates to patch vulnerabilities.
“By staying vigilant and implementing these best practices, organizations can reduce their risk of falling victim to Mirai and similar malware.” concludes the report.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Mirai)