Juniper Networks reported an incident on December 11, 2024, in which multiple customers experienced suspicious behavior on their Session Smart Network (SSN) platforms. These systems were infected with Mirai malware, which used the devices in DDoS attacks, causing network disruptions. The malware targeted devices still using default passwords, which allowed unauthorized access and remote command execution. Juniper Networks noted that signs of Mirai's presence included port scanning, failed SSH logins, spikes in outbound traffic, and erratic behavior. The company recommended changing default credentials, monitoring logs, using firewalls and IDS/IPS, and keeping firmware updated to mitigate the risk of future attacks.
Source: https://securityaffairs.com/172157/malware/juniper-networks-mirai-botnet.html
TPRM report: https://scoringcyber.rankiteo.com/company/juniper-networks
"id": "jun000122024",
"linkid": "juniper-networks",
"type": "Breach",
"date": "12/2024",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'customers_affected': 'Multiple',
'industry': 'Technology',
'name': 'Juniper Networks',
'type': 'Company'}],
'attack_vector': 'Unauthorized Access and Remote Command Execution',
'date_detected': 'December 11, 2024',
'description': 'Juniper Networks reported an incident on December 11, 2024, '
'where multiple customers experienced suspicious behavior on '
'their Session Smart Network (SSN) platforms. These systems '
'were infected with Mirai malware, which employed the devices '
'in DDoS attacks, causing network disruptions. The malware '
'exploited devices still using default passwords, facilitating '
'unauthorized access and remote command execution. Juniper '
"Networks outlined that signs of Mirai's presence included "
'port scanning, failed SSH logins, spikes in outbound traffic, '
'and erratic behavior. The company recommended enhancing '
'security by changing default credentials, monitoring logs, '
'using firewalls and IDS/IPS, and keeping firmware updated to '
'mitigate the risk of future attacks.',
'impact': {'operational_impact': 'Network Disruptions',
'systems_affected': 'Session Smart Network (SSN) platforms'},
'initial_access_broker': {'entry_point': 'Default Passwords'},
'motivation': 'DDoS Attacks',
'post_incident_analysis': {'corrective_actions': ['Change default credentials',
'Monitor logs',
'Use firewalls and IDS/IPS',
'Keep firmware updated'],
'root_causes': 'Default Passwords'},
'recommendations': ['Enhance security by changing default credentials',
'Monitor logs',
'Use firewalls and IDS/IPS',
'Keep firmware updated'],
'response': {'remediation_measures': ['Change default credentials',
'Monitor logs',
'Use firewalls and IDS/IPS',
'Keep firmware updated']},
'title': 'Mirai Malware Infection on Juniper Networks SSN Platforms',
'type': 'Malware Infection',
'vulnerability_exploited': 'Default Passwords'}