
Sierra Wireless issues ICS-ALERT to warn users of Mirai threat

Sierra Wireless issued a warning to users urging them to change their default factory credentials on AirLink gateway communications gear to prevent being compromised by the Mirai botnet.

Publicly available credentials could allow the botnet to seize control of vulnerable devices and use them to launch Distributed Denial of Service (DDoS) attacks against Internet web sites, according to an Oct. 12 Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) advisory.

The alert is intended for users of the LS300, GX400, GX/ES440, GX/ES450, and RV50 products.

Last week Sierra Wireless confirmed reports of the Mirai infections in its devices.

“Sierra Wireless has confirmed reports of the ‘Mirai’ malware infecting AirLink gateways that are using the default ACEmanager password and are reachable from the public internet,” the firm said in an Oct. 4 technical bulletin. “The malware is able to gain access to the gateway by logging into ACEmanager with the default password and using the firmware update function to download and run a copy of itself.”

Users with the affected products are urged to reboot their gateway to eliminate any existing Mirai malware and immediately change the ACEmanager password to a secure and unique value. Default passwords may be changed by logging into the ACEmanager and navigating to “Admin > Change Password” or by remotely changing the password using the AirLink Management Service (ALMS).

Botnets exploiting devices like these have made recent DDoS attacks stronger and more successful because they come from a larger area, making them harder to mitigate, Tripwire Senior Director of Security Research and Development Lamar Bailey told SCMagazine.com via emailed comments.

“With this rush to get new devices to market we find the consumer devices are not as secure as people assume,” Bailey said. “Many of the devices lack some of the fundamental security controls like requiring default password changes or using unique passwords for each device.”  

He added that botnets take advantage of users who often just set up their device per install instructions and trust it will be secure. 
