- Juniper warns Mirai botnet is scanning for vulnerable routers
- The campaign began in mid-December 2024 and included DDoS attacks
- Researchers say users should step up security
Operators of Mirai botnet are back, looking for easy-to-hack Session Smart router Assimilate, experts warn.
Cybersecurity researchers at Juniper Networks recently released a new security advisory warning its customers of ongoing threats, stating malware Scanning for Internet-connected Session Smart Routers using default login credentials.
Attacks falling into this category are exploited and used for a variety of malicious activities, but primarily distributed denial of service (Distributed Denial of Service)attack. The campaign apparently began on December 11 and may still be ongoing.
Mirai’s Turbulent Past
“On Wednesday, December 11, 2024, some customers reported suspicious behavior on their Session Smart Networking (SSN) platform,” Juniper said in a security advisory. “Anyone who does not follow recommended best practices and remains Customers using default passwords may be considered compromised because the default SSR password is added to the virus database.”
The best way to protect against threats is to ensure that your network-connected devices do not use factory login credentials. Instead, protect them with strong passwords and, if possible, place them behind a firewall.
The Mirai botnet is notorious for targeting Internet of Things (IoT) devices and then using them to launch large-scale DDoS attacks. It is also known for exploiting weak or preset credentials on devices such as routers, cameras, and other IoT hardware. It was first discovered in 2016 but gained notoriety after targeting Krebs on Security in September 2016 and launching the Dyn DNS attack in October 2016.
Mirai is arguably the most popular botnet, but it’s not the only threat. StormBot, Mozi, Satori or Mantis are all malware variants known for launching destructive attacks on the Internet. It has also endured multiple takedown attempts, including source code leaks in 2016, developer arrests in 2017, and multiple law enforcement actions.
through Computer beeps