Strong passwords are vital to cybersecurity. A recent botnet attack highlights the serious risks of relying on default passwords instead of secure alternatives.

The Mirai malware, first detected in 2016, has been behind numerous botnet attacks in the past and has been very busy recently. A botnet attack gives a threat actor control over a large number of compromised PCs, allowing the threat actor to combine these infected PCs into a formidable strike force. These attacks often involve data theft, cryptojacking, brute force attacks, and phishing campaigns.

This latest attack was enabled by the presence of default passwords on routers manufactured by Juniper Networks. Default passwords are used on many devices, so it’s important to understand the mechanics behind this attack.

Mirai Starts Infecting Routers

The exploitation of Juniper routers began in mid-December. Customers accessing the internet through Juniper Session Smart routers began to notice unusual behavior from them. The Mirai malware was seen scanning specifically for these routers. Once a router of this model was found, Mirai compromised it and then used it in a distributed denial-of-service (DDoS) attack.

But what was unique about the Session Smart router? Why was Mirai singling this router out? Well, the answer proved to be simple: it was a router known to ship with a default password. Therefore, a threat actor could easily take control of the router if its password hadn’t been changed. Scan enough Session Smart routers and, eventually, one will be found with the default password still in place.

The main impact of a DDoS attack is a slowdown in PC performance, as all the PC’s resources are being directed into the attack. For a business, this is troubling, as the majority of its PCs are likely to be dependent on similar routers. This means that this slowdown in productivity could have a major impact on a business’s performance.

Don’t Fall Victim to Default Passwords

Users of Session Smart routers have been advised to change their password from the default version to a unique and strong one. This is the best advice you can give when it comes to default passwords. Leaving them in place is simply inviting threat actors into your networks. However, there are further measures you can take to secure your devices:

  • Educate Users About Risks: Train your employees to understand the dangers of default passwords. Make sure they understand what is and isn’t a secure password, helping to build a culture of cybersecurity awareness.
  • Use Multifactor Authentication: The beauty of multifactor authentication is that it adds an extra layer of security to your defenses. Therefore, even if one of your passwords is compromised, additional authentication is required to access your devices and networks.
  • Monitor for Default Password Usage: It’s difficult to monitor every device and verify the status of its password, but you can get help with this. Many security tools – such as Kaspersky Industrial CyberSecurity for Networks – can scan devices connected to a network and determine if a default password is being used.

For more ways to secure and optimize your business technology, contact your local IT professionals.



No software, as GeoVision has recently discovered, is 100% secure from malware, with many applications left exposed by vulnerabilities within their coding.

GeoVision develops and manufactures advanced video surveillance hardware along with the appropriate software for running it. From IP cameras through to eyeball and dome cameras, GeoVision promises to offer state-of-the-art surveillance to strengthen your security. Unfortunately, the discovery of a vulnerability within their software has demonstrated that their products are far from the definition of secure.

Let’s dive into what’s happened and the lessons we can take away.

Mirai Malware Strikes at the Heart of GeoVision

Legacy devices, those which are at their end-of-life stage, suffer from security problems due to a lack of updates. Once a product has reached this stage of its lifespan, developers feel it’s uneconomical to continue providing software updates and patches. The best option for consumers is to upgrade to the latest model to ensure their devices remain safe. But many consumers decide, instead, to save a few dollars and continue with their legacy products. And this is when vulnerabilities rear their ugly heads.

A vulnerability has been detected in numerous GeoVision devices – video servers, compact digital video recorders and Linux systems – which allows threat actors to run system commands on the affected devices. Not all vulnerabilities are exploited, but this one – known as CVE-2024-11120 – has already been taken advantage of. Most notably, the Mirai botnet has been detected as active on infected systems. Mirai is typically used to facilitate botnet attacks or carry out cryptomining activities – both of which lead to a drop in performance for affected systems.

Close to 17,000 GeoVision devices are at risk of being exploited, with close to half of these being located in the US. Potentially, threat actors could compromise crucial security devices and have a major impact on the security of businesses and their employees. At present, due to the affected devices falling under the end-of-life classification, GeoVision has not announced any plans to update the software running on them.

Navigating the Risks of Exploited Software

All hardware and software reaches a legacy status at some point, and it’s important that your business knows how to approach this. And even the most up-to-date products still require close attention to remain secure. Therefore, make sure you implement the following to keep your IT systems safe:
