Mirai DDoS botnet powers up, infects Sierra Wireless gateways

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,378
Sierra Wireless is warning customers to change their default access credentials on AirLink gateway products after discovering the wireless products are being compromised by Mirai malware.

Mirai, a malware and botnet combination recently publicized after a 620 Gbps distributed denial-of-service (DDoS) attack on the prominent security blog Krebs on Security, enslaves thousands -- if not millions -- of vulnerable Internet of Things (IoT) devices, including DVRs, CCTV surveillance cameras, and routers.

Now, it seems the malware's operators could be scanning the web for Sierra Wireless gateway devices vulnerable to exploit.

On Friday, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued a security advisory warning that these products are vulnerable to the Linux-based malware and may end up on the malicious code's current hit list due to the use of default factory credentials, which are easily available online.

Sierra Wireless LS300, GX400, GX/ES440, GX/ES450, and RV50 gateways may be particularly vulnerable to the malware. According to Sierra Wireless, that there have been reports of devices becoming infected due to the use of default credentials within the gateways' password ACEmanager.

"ICS-CERT would like to emphasize that there is no software or hardware vulnerability being exploited in the Sierra Wireless devices by the Mirai malware," the advisory reads. "The issue is configuration management of the device upon deployment."

The communications equipment maker says that once the malware compromises a gateway product, it deletes itself and lives only in memory before scanning for additional vulnerable devices and reporting back to the Mirai command-and-control (C&C) server, which may then enslave the device in future DDoS attacks.

Read more: Mirai DDoS botnet powers up, infects Sierra Wireless gateways | ZDNet
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top