Juniper Networks is warning that a Mirai botnet is targeting Session Smart Router (SSR) products with default passwords.
Multiple customers reported anomalous activity on their Session Smart Network (SSN) platforms on December 11, 2024. Threat actors initially compromised the devices, and then employed them in DDoS attacks.
“On Wednesday, December 11, 2024, several customers reported suspicious behavior on their Session Smart Network (SSN) platforms. These systems have been infected with the Mirai malware and were subsequently used as a DDOS attack source to other devices accessible by their network.” read the report published by Juniper Networks. “The impacted systems were all using default passwords.”
The Mirai bot compromises devices that still use default credentials, gaining remote command execution through SSH attacks and then using the devices for various malicious activities, including DDoS attacks.
Signs of Mirai activity include unusual port scanning, frequent failed SSH logins, spikes in outbound traffic, erratic device behavior, and connections from malicious IPs.
To mitigate exposure to these threats, users are advised to change default credentials, use strong passwords, review access logs, employ firewalls and IDS/IPS, and keep firmware up to date.
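As an added example (not from the Juniper advisory or the original article), the following Python sketch shows one way to review access logs for the "frequent failed SSH logins" sign: it flags source addresses that produce a burst of failed logins and then reports any accepted login from such a source. It assumes the standard OpenSSH syslog message format; the hostname, addresses, threshold and window are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in OpenSSH syslog format; IPs are documentation ranges.
SAMPLE_LOG = """\
Dec 11 03:14:01 ssr1 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Dec 11 03:14:03 ssr1 sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40114 ssh2
Dec 11 03:14:05 ssr1 sshd[813]: Failed password for invalid user guest from 203.0.113.7 port 40116 ssh2
Dec 11 03:14:06 ssr1 sshd[814]: Failed password for alice from 198.51.100.20 port 51000 ssh2
Dec 11 03:14:08 ssr1 sshd[815]: Failed password for root from 203.0.113.7 port 40118 ssh2
Dec 11 03:14:10 ssr1 sshd[816]: Failed password for invalid user support from 203.0.113.7 port 40120 ssh2
Dec 11 03:14:12 ssr1 sshd[817]: Accepted password for root from 203.0.113.7 port 40122 ssh2
Dec 11 03:14:30 ssr1 sshd[818]: Accepted password for alice from 198.51.100.20 port 51002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def analyze(log_text, threshold=5, window=timedelta(minutes=1), year=2024):
    """Return (burst_ips, suspect_logins).

    burst_ips: sources with at least `threshold` failed logins inside `window`.
    suspect_logins: (ip, user) for logins accepted from a source already flagged,
    i.e. a guessing run that may have ended in a working password.
    Syslog timestamps carry no year, so `year` is supplied by the caller.
    """
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    bursts, suspects = set(), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # not an sshd password-auth line
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if m["result"] == "Failed":
            q = recent[ip]
            q.append(ts)
            while ts - q[0] > window:   # drop failures older than the window
                q.popleft()
            if len(q) >= threshold:
                bursts.add(ip)
        elif ip in bursts:
            suspects.append((ip, m["user"]))
    return bursts, suspects

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

A single mistyped password followed by a successful login, as with the `alice` lines in the sample, is not reported; only an accepted login that follows a burst from the same source is.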
Below are actions recommended by Juniper Networks:
“By staying vigilant and implementing these best practices, organizations can reduce their risk of falling victim to Mirai and similar malware.” concludes the report.
(SecurityAffairs – hacking, Mirai)