The Mirai botnet is targeting also Sierra Wireless cellular data gear products

Sierra Wireless is warning its customers to change factory credentials of its AireLink gateway communications products due to Mirai attacks.

Sierra Wireless is warning its customers to change factory credentials of its AireLink gateway communications product.

The company is aware of a significant number of infections caused by the Mirai malware, a threat specifically designed to compromise poorly configured IoT devices.

The malware was first spotted in August by MalwareMustDie have analyzed samples of this new ELF trojan backdoor. The name of the malware is the same of the binary,”mirai.*,” and according to the experts, several attacks have been detected in the wild.

The Mirai malware scans the web searching for connected devices such as DVRs and IP-enabled cameras that use default or hard-coded credentials.

Back to the to the Sierra Wireless alert, the company is warning its customers that of Mirai attacks against the AirLink Cellular Gateway devices (LS300, GX400, GX/ES440, GX/ES450 and RV50).

“Sierra Wireless has confirmed reports of the ‘Mirai’ malware infecting AirLink gateways that are using the default ACEmanager password and are reachable from the public internet. The malware is able to gain access to the gateway by logging into ACEmanager with the default password and using the firmware update function to download and run a copy of itself,” Sierra Wireless wrote in a security bulletin . “Devices attached to the gateway’s local area network may also be vulnerable to infection by the Mirai malware.”

The Mirai botnet was involved in a number of severe attacks, according to the experts it powered DDoS attacks against the website of the popular investigator Brian Krebs and the OVH hosting provider that reached 1Tbps.

Unfortunately, the number of malware specifically designed to infect IoT systems continue to increase. This week, Security Affairs published in exclusive the discovery of a new threat, dubbed NyaDrop, made by experts at MalwareMustDie.

“There is evidence that ‘Internet of Things’-type devices have been infected with the Linux malware Mirai, which attackers used in the recent DDoS attacks against the web site Krebs on Security,” reads a security bulletin published by the US ICS-CERT. 

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – IoT , Sierra Wireless)