Juniper Networks warns Mirai botnet is back and targeting new devices
- Juniper Networks warns Mirai botnet is scanning for vulnerable routers
- The campaign started in mid-December 2024, and includes DDoS attacks
- Users should tighten up on security, researchers say
Operators of the Mirai botnet are back, and looking for easy-to-compromise Session Smart routers to assimilate, experts have warned.
Cybersecurity researchers from Juniper Networks, who recently published a new security advisory, warning its customers of the ongoing threat, noted the malware is scanning for internet-connected Session Smart routers that are using default login credentials.
Those that fall into this category are accessed, and used for a wide variety of malicious activities, but mostly Distributed Denial of Service (DDoS) attacks. The campaign apparently started on December 11, and could still be ongoing.
Mirai’s turbulent past
“On Wednesday, December 11, 2024, several customers reported suspicious behavior on their Session Smart Network (SSN) platforms,” Juniper said in the security advisory. “Any customer not following recommended best practices and still using default passwords can be considered compromised as the default SSR passwords have been added to the virus database.”
The best way to protect against the threat is to make sure your internet-connected devices do not use factory login credentials. Instead, they should be protected with strong passwords and, if possible, placed behind a firewall.
The Mirai botnet is infamous for targeting Internet of Things (IoT) devices, and then using them to launch massive DDoS attacks. It is also known for exploiting weak or default credentials on devices like routers, cameras, and other IoT hardware. It was first spotted in 2016, but gained notoriety after targeting Krebs on Security in September 2016 and mounting the Dyn DNS attack in October 2016.
Mirai is arguably the most popular botnet out there, but it’s not the only threat. StormBot, Mozi, Satori, or Mantis are all malware variants known for launching disruptive attacks across the web. It also survived multiple takedown attempts, including the source code leak from 2016, the arrest of its developers in 2017, and multiple law enforcement campaigns.
Via BleepingComputer