Many Sierra Wireless gateways compromised by Mirai botnet, warns US government

The US government’s Department of Homeland Security has warned owners of the Sierra Wireless gateway that they are being targeted by Mirai, a notorious malware family that has been creating a mighty global botnet from poorly-secured IOT devices.

Mirai has already made quite a name for itself by infecting all manner of internet-connected devices such as IP CCTV cameras and DVRs, rather than the conventional computers that are traditionally recruited into a botnet.

The Department of Homeland Security’s warning is not solely altruistic – although I’m sure they are genuine in their desire to have as many organisations and end users avoid being hijacked into a botnet as possible.

What the DHS is certainly also concerned about, however, is what will be done with the botnet. And the most likely use of a huge botnet exploiting IoT devices is to launch a massive Distributed Denial-of-Service (DDoS) attack, as the DHS explains in its advisory:

Based on the currently available information, once the malware is running on the gateway, it deletes itself and only runs in memory. The malware will then proceed to scan for vulnerable devices and report its findings back to a command and control server. The command and control server may also instruct the malware to participate in a DDoS attack on specified targets.

According to a technical bulletin issued by Sierra Wireless, the following Sierra Wireless products are said to be vulnerable:

• LS300
• GX400
• GX/ES440
• GX/ES450
• RV50

Mirai, you may recall, was the botnet which launched a Godzilla-sized DDoS attack against the website of security blogger Brian Krebs. No doubt there are plenty of companies and government organisations who would prefer not to find themselves on the receiving end of an attack like that, knocking their websites offline.

Once again, Mirai isn’t exploiting security vulnerabilities in Sierra Wireless’s hardware and software, but rather that many owners will not have changed the default username and passwords that the devices ship with.

The good news is that because the malware solely resides in memory on the infected devices the cure is to simply turn them off and on again, wiping memory in the process. But if you haven’t changed those login credentials, your Sierra Wireless gear will most likely be reinfected soon after you clean the malware off it.

But this, and previous attacks, underline the importance of changing default passwords whenever possible on devices that you attach to the public internet.

If you want to better secure all of your home’s connected devices against IoT threats, be sure to check out Bitdefender BOX.