Default Passwords Cause Havoc for Juniper Routers

business router, default passwords, educate staff, Jupiter, Mirai botnet, monitor network, multi factor authentication, router, , , , , , ,
14
Jan 2025

Strong passwords are vital to cybersecurity. A recent botnet attack highlights the serious risks of relying on default passwords instead of secure alternatives.

The Mirai malware, first detected in 2016, has been behind numerous botnet attacks in the past and has been very busy recently. A botnet attack gives a threat actor control over a large number of compromised PCs, allowing the threat actor to combine these infected PCs into a formidable strike force. These attacks often involve data theft, cryptojacking, brute force attacks, and phishing campaigns.

This latest attack was enabled by the presence of default passwords on routers manufactured by Juniper Networks. Default passwords are used on many devices, so it’s important to understand the mechanics behind this attack.

Mirai Starts Infecting Routers

The exploitation of Juniper routers began in mid-December. Customers accessing the internet with Juniper Session Smart routers began to notice unusual behavior with them. The Mirai malware was seen to be scanning specifically for these routers. Once this model of router was found, Mirai proceeded to compromise the router before utilizing it in a distributed-denial-of-service (DDoS) attack.

But what was unique about the Session Smart router? Why was Mirai singling this router out? Well, the answer proved to be simple: it was a router known to ship with a default password. Therefore, a threat actor could easily take control of the router if its password hadn’t been changed. Scan enough Session Smart routers and, eventually, one will be found with the default password still in place.

The main impact of a DDoS attack is a slowdown in PC performance, as all the PC’s resources are being directed into the attack. For a business, this is troubling as the majority of their PCs are likely to be dependent on similar routers. This means that this slowdown in productivity could have a major impact on a business’ performance.

Don’t Fall Victim to Default Passwords

Users of Session Smart routers have been advised to change their password from the default version to a unique and strong one. This is the best advice you can give when it comes to default passwords. Leaving them in place is simply inviting threat actors into your networks. However, there are further measures you can take to secure your devices:

  • Educate Users About Risks: Train your employees to understand the dangers of default passwords. Make sure they understand what is and isn’t a secure password, helping to build a culture of cybersecurity awareness.
  • Use Multifactor Authentication: The beauty of multifactor authentication is that it adds an extra layer of security to your defenses. Therefore, even if one of your passwords is compromised, additional authentication is required to access your devices and networks.
  • Monitor for Default Password Usage: It’s difficult to monitor every device and verify the status of its password, but you can get help with this. Many security tools – such as Kaspersky Industrial CyberSecurity for Networks – can scan devices connected to a network and determine if a default password is being used.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Cuttlefish Malware is Putting Your Routers at Risk

bash script, brute force hacking, Cuttlefish, Data Breach, HiatusRAT, malware, Ophtek, router firmware update, zero-day vulnerabilities, , , , , , , ,
11
Jun 2024

A new strain of malware, dubbed Cuttlefish, which attempts to hijack your router has been discovered, and it poses a major threat to your data.

The experts at Black Lotus Labs recently discovered a number of routers had been compromised by a previously unseen malware. The security researchers named the malware Cuttlefish, and found it had compromised numerous enterprise-level and small office/home routers. The threat actors are not currently known, but the main impact of Cuttlefish is that it stealthily steals data once it has a foothold. Data breaches, of course, represent a major incident for businesses, so it’s crucial you keep your routers safe.

Decoding the Danger Behind Cuttlefish

The exact attack method behind Cuttlefish is unknown, but it’s been revealed there are similarities between its source code and that of the HiatusRAT malware. Black Lotus Labs believe Cuttlefish may launch its attack either through a zero-day vulnerability or by using good old fashioned brute force hacking methods.

Whatever the nature of its attack, which was first executed in July 2023, Cuttlefish hands control of the compromised router over to a set of threat actors. This is achieved by instructing an infected router to execute a Bash script – a text file containing a set of commands – which sends data to a remote Command & Control (C2) server. The first action taken by the C2 server is to send back the Cuttlefish malware, this is then installed on the compromised router.

From here, Cuttlefish can monitor all traffic passing through the router and any devices connected to it. Cleverly, Cuttlefish is designed to establish a VPN tunnel, which is then used to extract sensitive data, such as login credentials, from the router’s traffic. These attack methods mark Cuttlefish out as a highly stealthy and dangerous strain of malware, one with the ability to expose and misuse confidential data.

Fighting Back Against the Threat of Cuttlefish

As very little of the mechanics behind Cuttlefish are known, it’s difficult to pinpoint a single solution. For now, all the attacks have been focused on routers based in Turkey. But this can quickly change if threat actors behind Cuttlefish decide to start targeting global victims.

While there isn’t, for example, a simple security patch to install, you can still protect your organization’s routers by following these best security practices:

  • Always Install Updates: routers, like all hardware, rely on firmware updated and patches to maintain their security and maximize performance. But not everyone prioritizes installing these updates. And this approach can put your router at risk of being exploited by a vulnerability. Therefore, where possible, automate updates for your routers (and all devices) or manually install updates as soon as possible.
  • Regularly Change Your Router Credentials: it’s vital you regularly change the password associated with your router. Otherwise, you run the risk of allowing external threats to essentially live on your router. And as well as regularly changing your password, it’s important that you generate strong and unique passwords every time.
  • Monitor Network Traffic: unusual activity on your network, such as high-volume traffic to unknown destinations should always be scrutinized. Accordingly, you need to implement specialized software and hardware tools to analyze your network traffic and raise alerts when abnormal traffic patters are detected. This will maintain both the integrity and security of your network.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More