According to a recent blog post, an IT security firm observed large increases in scan traffic on ports 2323 and 23, with almost 100k unique scanner IPs coming from Argentina. After investigation, the firm was confident that this activity was a new Mirai variant. Christopher Littlejohns, EMEA Manager at Synopsys, commented below.
Christopher Littlejohns, EMEA Manager at Synopsys:
“The odds are that Mirai variants will keep popping up for years to come. Why? Because there are an enormous number of old (and all too often new), insecure, unpatched devices out there which constitute rich and easy pickings for hackers. The ZyXEL PK5001Z Modem is yet another device with hard-coded credentials that is deployed in enough numbers to be worthy of interest to enable potential future DoS attacks.
“What is perhaps more worrying is that the target is a router, therefore all internet and network traffic within a house or small business is likely to pass through it. This potentially makes the target all the more valuable to the attacker as it may facilitate more sophisticated credential-stealing attacks that can be monetised. Manufacturers of all internet-connected devices need to learn the lesson that they must provide capabilities that help both sophisticated and unsophisticated users avoid the connection of a device with hard-coded or insecure credentials to the internet.
“Manufacturers should ensure both that the requirements are created for such capabilities, and that they are verified during development. End users are advised to proactively secure their devices where possible by ensuring usernames and passwords differ from default values and are sufficiently robust. The bottom line is ‘Don’t make it easy’ for the bad guys. Leaving default usernames and passwords or backdoors in devices is tantamount to leaving your front door open and going on vacation. You wouldn’t want to do this to your house, so why would you permit it for your devices?”
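The first paragraph describes the signal that exposed this variant: a surge in the number of distinct source IPs probing ports 23 and 2323. The following script, an added example that is not from the original article or from Synopsys, shows how a defender can compute that signal from flow-log lines and flag a port when its unique-source count exceeds a multiple of a baseline. The log format, the sample lines, and the baseline values are all constructed for illustration.

```python
"""Flag a surge of distinct source IPs hitting telnet ports (23, 2323).

Added example; the log format and every line below are constructed.
"""
from collections import defaultdict
from ipaddress import ip_address

TELNET_PORTS = {23, 2323}

# Constructed flow-log sample: "<epoch> <src_ip> <dst_ip> <dst_port> <proto>"
SAMPLE_LOG = """\
1511280000 203.0.113.10 198.51.100.5 2323 tcp
1511280001 203.0.113.11 198.51.100.5 2323 tcp
1511280002 203.0.113.12 198.51.100.5 23 tcp
1511280003 203.0.113.10 198.51.100.5 2323 tcp
1511280004 203.0.113.13 198.51.100.5 23 tcp
1511280005 203.0.113.14 198.51.100.5 2323 tcp
1511280006 203.0.113.15 198.51.100.5 443 tcp
this line is malformed on purpose
1511280007 203.0.113.16 198.51.100.5 2323 tcp
"""

def parse_line(line):
    """Return (epoch, src_ip, dst_port), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return int(parts[0]), ip_address(parts[1]), int(parts[3])
    except ValueError:
        return None

def unique_sources_by_port(log_text, ports=TELNET_PORTS):
    """Count distinct source IPs per destination port, for the given ports only."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue          # skip unparsable lines rather than abort
        _, src, dport = rec
        if dport in ports:
            seen[dport].add(src)
    return {port: len(srcs) for port, srcs in seen.items()}

def telnet_scan_alerts(log_text, baseline, factor=3.0):
    """Return ports whose unique-source count exceeds factor * baseline[port].

    baseline maps port -> typical distinct sources per window (a constructed value).
    """
    counts = unique_sources_by_port(log_text)
    return {p: n for p, n in counts.items() if n > factor * baseline.get(p, 0)}
```

Counting distinct sources rather than raw packets is what separates a wide scan from one noisy host; in production the baseline would be learned from prior windows rather than hard-coded.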