Juniper Networks is warning that Session Smart Router (SSR) products with default passwords are being targeted as part of a campaign deploying the Mirai botnet malware.
The company said it is issuing the advisory after “several customers” reported anomalous behavior on their Session Smart Network (SSN) platforms on December 11, 2024.
“These systems were infected with the Mirai malware and subsequently used as a source of DDOS attacks on other devices accessible through their network,” it said. “All affected systems used default passwords.”
Mirai, whose source code was published in 2016, has spawned several variants over the years. The malware is capable of scanning for known vulnerabilities as well as default credentials to infiltrate devices and recruit them into a botnet to conduct distributed denial of service (DDoS) attacks.
To mitigate such threats, organizations are encouraged to immediately change their passwords to strong, unique ones (if they have not already done so), periodically check access logs for signs of suspicious activity, use firewalls to block unauthorized access, and keep software up to date.
Some indicators associated with Mirai attacks include unusual port scans, frequent SSH login attempts indicating brute force attacks, increased outbound traffic to unexpected IP addresses, random reboots, and connections from known malicious IP addresses.
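One of the indicators above, frequent SSH login attempts, can be checked from sshd authentication logs. The following is an added example, not code from Juniper or its advisory: it flags source addresses with a burst of failed password logins and records whether a successful login followed the burst. The log lines, hostname, addresses, threshold and window are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (OpenSSH messages with ISO timestamps); not from the advisory.
SAMPLE_LOG = """\
2024-12-11T03:14:01+00:00 router1 sshd[901]: Failed password for root from 203.0.113.5 port 40001 ssh2
2024-12-11T03:14:03+00:00 router1 sshd[902]: Failed password for invalid user admin from 203.0.113.5 port 40002 ssh2
2024-12-11T03:14:05+00:00 router1 sshd[903]: Failed password for root from 203.0.113.5 port 40003 ssh2
2024-12-11T03:14:06+00:00 router1 sshd[904]: Failed password for ops from 198.51.100.7 port 51000 ssh2
2024-12-11T03:14:08+00:00 router1 sshd[905]: Failed password for root from 203.0.113.5 port 40004 ssh2
2024-12-11T03:14:09+00:00 router1 sshd[906]: Accepted password for root from 203.0.113.5 port 40005 ssh2
2024-12-11T09:30:00+00:00 router1 sshd[950]: Accepted password for ops from 198.51.100.7 port 51001 ssh2
"""

LINE_RE = re.compile(
    r"^(\S+) \S+ sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?(\S+) from (\S+) port \d+")

def detect(log_text, threshold=4, window=timedelta(seconds=60)):
    """Return {ip: {"burst": bool, "login_after_burst": bool}} for flagged sources."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not password auth results
        ts, outcome, _user, ip = m.groups()
        now = datetime.fromisoformat(ts)
        q = recent[ip]
        while q and now - q[0] > window:
            q.popleft()  # drop failures older than the window
        if outcome == "Failed":
            q.append(now)
            if len(q) >= threshold:
                flagged.setdefault(ip, {"burst": True, "login_after_burst": False})
        elif ip in flagged and q:
            # A success right after a burst suggests a guessed or default password.
            flagged[ip]["login_after_burst"] = True
    return flagged

if __name__ == "__main__":
    for ip, info in detect(SAMPLE_LOG).items():
        print(ip, info)
```

A single mistyped password followed hours later by a normal login, as with 198.51.100.7 in the sample, is not flagged.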
“If a system is found to be infected, the only sure way to stop the threat is to reimage the system, as it cannot be determined exactly what may have been modified or obtained from the device,” the company said.
The development comes after the AhnLab Security and Intelligence Center (ASEC) discovered that poorly managed Linux servers, specifically public SSH services, were being targeted by a previously undocumented family of DDoS malware called cShell.
“cShell is developed in the Go language and is characterized by the use of Linux tools called screen and hping3 to perform DDoS attacks,” ASEC said.