DDoS attack vector rises as Sierra Wireless product compromised
18 October 2016
Data centres should be on the alert for an increase in botnet attacks as Sierra Wireless warns its AirLink gateway product has been compromised.
Sierra Wireless has been warning customers to change the default access credentials on its AirLink gateway products after discovering that the wireless products have been compromised by Mirai malware.
Over the weekend the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued a security advisory warning that these products are susceptible to the Linux-based malware.
According to Sierra Wireless, there have been reports of devices becoming infected due to the use of the default ACEmanager password on the gateways.
The communications equipment maker says that after the malware compromises a product, it deletes itself and resides only in memory. It then scans for more vulnerable devices and contacts the Mirai server, which may use the device in future DDoS attacks.
Sean Newman, director at Corero Network Security, said: “It’s kind of understandable that passwords protecting the majority of network enabled consumer
“However, when it comes to commercial equipment, there is simply no excuse for IT professionals and installers of such equipment to leave devices in their default security state. Even for the simplest of devices which require any kind of configuration, there will be password controlled access which should be updated. Sierra’s products have been unlucky enough to become the next target, but that’s not due to anything remiss on their part, and there are many more vendors out there with products in the same position, waiting to become the next mass target. Well done to Sierra for proactively reaching out to their customers and highlighting the risk and reminding them to do, essentially, what they should have done anyway!”