According to a recent blog post, an IT security firm noticed large upticks in scan traffic on ports 2323 and 23, with almost 100k unique scanner IPs coming from Argentina. After investigation, the firm was confident that this activity was a new Mirai variant. Christopher Littlejohns, EMEA Manager at Synopsys, commented below.
Christopher Littlejohns, EMEA Manager at Synopsys:
“What is perhaps more worrying is that the target is a router, therefore all internet and network traffic within a house or small business is likely to pass through it. This potentially makes the target all the more valuable to the attacker as it may facilitate more sophisticated credential stealing attacks that can be monetised. Manufacturers of all internet-connected devices need to learn the lesson that they must provide capabilities that help both sophisticated and unsophisticated users avoid the connection of a device with hardcoded or insecure credentials to the internet.
“Manufacturers should ensure that both the requirements are created for such capabilities, and that they are verified during development. End users are advised to pro-actively secure their devices where possible by ensuring usernames and passwords differ from default values and are sufficiently robust. The bottom line is “Don’t make it easy” for the bad guys. Leaving default usernames and passwords or backdoors in devices is tantamount to leaving your front door open and going on vacation. You wouldn’t want to do this to your house, so why would you permit it for your devices?”