Sierra Wireless is warning customers to change default factory credentials on its AirLink gateway communications gear or risk being infected by Mirai malware.
Mirai malware scans the Internet for IoT gear such as DVRs and IP-enabled cameras and other devices that are protected by default or hard-coded credentials, and forces them to join botnets used in DDoS attacks. But now, according to Sierra Wireless, the malware is broadening its reach from DVRs and CCTV cameras and is targeting connected automotive, manufacturing and a broad mix of industrial control equipment that connects to the Internet.
“There is evidence that ‘Internet of Things’-type devices have been infected with the Linux malware Mirai, which attackers used in the recent DDoS attacks against the web site Krebs on Security,” said the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) in a bulletin issued Friday.
Earlier this week, Sierra Wireless warned customers that a number of its AirLink Cellular Gateway devices (LS300, GX400, GX/ES440, GX/ES450 and RV50) were at risk of infection by the Mirai malware.
“Sierra Wireless has confirmed reports of the ‘Mirai’ malware infecting AirLink gateways that are using the default ACEmanager password and are reachable from the public internet. The malware is able to gain access to the gateway by logging into ACEmanager with the default password and using the firmware update function to download and run a copy of itself,” Sierra Wireless wrote in a bulletin (PDF). “Devices attached to the gateway’s local area network may also be vulnerable to infection by the Mirai malware.”
Since security journalist Brian Krebs’ website was targeted last month in a massive DDoS attack that peaked at more than 620 Gbps, things have gotten worse. Earlier this month, hackers released the source code for the malware to the public on the Hackforums website.
Mirai is not the only malware industrial control firms have to worry about. A similar malware called BASHLITE also targeted IoT devices. Like Mirai, BASHLITE targets security cameras and DVRs that are configured with telnet and web interfaces enabled and use default credentials. Security experts say IoT devices are becoming bigger and more attractive targets for hackers. That’s because devices often run embedded or stripped-down versions of the Linux OS that lack security features and are extremely hard – if not impossible – to update.