Saturday, June 7, 2025

Juniper Warns of Mirai Botnet Targeting SSR Devices with Default Passwords


Juniper Networks is warning that Session Smart Router (SSR) products with default passwords are being targeted as part of a malicious campaign that deploys the Mirai botnet malware.

The company said it is issuing the advisory after “a number of clients” reported anomalous behavior on their Session Smart Network (SSN) platforms on December 11, 2024.

“These systems have been infected with the Mirai malware and were subsequently used as a DDOS attack source to other devices accessible by their network,” it said. “The impacted systems were all using default passwords.”

Mirai, whose source code was leaked in 2016, has spawned a number of variants over the years. The malware is capable of scanning for known vulnerabilities as well as default credentials to infiltrate devices and enlist them into a botnet for mounting distributed denial-of-service (DDoS) attacks.

To mitigate such threats, organizations are recommended to change their passwords with immediate effect to strong, unique ones (if not already), periodically audit access logs for signs of suspicious activity, use firewalls to block unauthorized access, and keep software up-to-date.

Some of the indicators associated with Mirai attacks include unusual port scanning, frequent SSH login attempts indicating brute-force attacks, increased outbound traffic volume to unexpected IP addresses, random reboots, and connections from known malicious IP addresses.
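One way to audit access logs for the "frequent SSH login attempts" indicator is sketched below. This is an added example, not code from Juniper's advisory; it assumes OpenSSH-style syslog lines, and the log lines, host name, threshold and window are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd log lines (not from the advisory); IPs are documentation ranges.
SAMPLE_LOG = """\
Dec 11 03:14:01 edge1 sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Dec 11 03:14:03 edge1 sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40114 ssh2
Dec 11 03:14:05 edge1 sshd[2105]: Failed password for root from 203.0.113.7 port 40116 ssh2
Dec 11 03:14:08 edge1 sshd[2107]: Failed password for invalid user support from 203.0.113.7 port 40118 ssh2
Dec 11 03:14:10 edge1 sshd[2109]: Accepted password for root from 203.0.113.7 port 40120 ssh2
Dec 11 09:30:00 edge1 sshd[3001]: Failed password for ops from 198.51.100.20 port 51000 ssh2
Dec 11 09:30:40 edge1 sshd[3002]: Accepted password for ops from 198.51.100.20 port 51002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) "
    r"password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port")


def find_bruteforce(log_text, threshold=4, window=timedelta(seconds=60), year=2024):
    """Return {source_ip: {"failures": n, "login_after_burst": user or None}}.

    A source is flagged once it produces `threshold` failed logins inside
    `window`. A later successful login from a flagged source is recorded,
    because it suggests a guessed or default password worked.
    Syslog timestamps carry no year, so `year` is an assumption.
    """
    failures = defaultdict(list)  # source IP -> timestamps of failed logins
    findings = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip = m["ip"]
        if m["result"] == "Failed":
            failures[ip].append(ts)
            recent = [t for t in failures[ip] if ts - t <= window]
            if ip in findings or len(recent) >= threshold:
                entry = findings.setdefault(ip, {"failures": 0, "login_after_burst": None})
                entry["failures"] = len(failures[ip])
        elif ip in findings and findings[ip]["login_after_burst"] is None:
            findings[ip]["login_after_burst"] = m["user"]
    return findings


if __name__ == "__main__":
    for ip, info in find_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

A flagged source with a non-empty `login_after_burst` is the case to escalate first, since a successful login after a burst of failures means the account's password should be treated as known to the attacker.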

“If a system is found to be infected, the only certain way of stopping the threat is by reimaging the system as it cannot be determined exactly what might have been changed or obtained from the device,” the company said.


The development comes as the AhnLab Security Intelligence Center (ASEC) revealed that poorly managed Linux servers, particularly publicly exposed SSH services, are being targeted by a previously undocumented DDoS malware family dubbed cShell.

“cShell is developed in the Go language and is characterized by exploiting Linux tools called screen and hping3 to perform DDoS attacks,” ASEC said.
