Several Juniper customers have had to deal with compromised routers because the devices were still using standard passwords, the network company said. Last Wednesday, several customers reported suspicious behavior on their Session Smart Routers (SSR). The devices were found to be infected with a variant of the Mirai malware and were used to carry out DDoS attacks.
“The affected systems were all using default passwords. Any customer who does not follow recommended best practices and is still using default passwords may be considered compromised as the default SSR passwords have been added to the virus database,” Juniper said in a Knowledge Base article. Mirai malware uses infected devices to search the Internet for other devices with default passwords, which are then infected and become part of the botnet.
In the article, Juinper provides several clues that organizations can use to determine the presence of malware on their routers. In addition, advice is given to prevent infection, including changing default passwords. In the case of compromised routers, Juniper recommends re-imageing the system in question because it cannot be determined exactly what the attacker modified or obtained from the device.
