Akamai Uncovers Thousands of Devices Vulnerable to Mirai Malware Attacks

A worrisome discovery by the Akamai Security Intelligence Response Team (SIRT) has raised significant cybersecurity concerns, as two new zero-day vulnerabilities threaten thousands of routers and network video recorders (NVRs) around the world. Cybersecurity researchers at Akamai, a renowned networking company, have alerted the public to the fact that these vulnerabilities are being exploited by hackers to facilitate distributed denial-of-service (DDoS) attacks.

These attacks involve the malicious enlistment of a large number of compromised devices, known collectively as a botnet, to overload and impede the services of targeted online platforms and infrastructures.

Akamai's diligent cybersecurity experts tracked the activity of a particular botnet, discovering that it had harnessed the power of devices remotely compromised by variations of the notorious Mirai malware. This malware family is infamous for its role in some of the most substantial DDoS attacks in history. According to Akamai SIRT's revelations, the botnet leveraged router and NVR devices that were poorly secured with default administrative credentials, essentially low-hanging fruit for hackers seeking to deploy Mirai variants.

Among the products at risk are network video recorders and a particular model of an outlet-based wireless LAN router manufactured by a Japanese company. This router has found its way into the infrastructure of many hotels and private homes, becoming a mainstay in daily internet access for users in these environments. Due to the vulnerabilities, these devices are now unwitting participants in cybercriminal activities.

Akamai SIRT disclosed that they had identified over 7,000 vulnerable devices, but stipulated that the figure could be merely the tip of the iceberg. There is a conceivable risk that additional models from the same manufacturer might be susceptible to the same security flaws. As of now, the specific models affected by the vulnerabilities are not publicly known, with Akamai withholding the names of the vendors as a responsible measure while awaiting further information on the impacted devices and the deployment of security patches.

The seriousness of this threat cannot be overstated. Devices compromised by these vulnerabilities could serve as a launchpad for large-scale cyber-attacks that can cripple websites, disrupt businesses, and potentially impact critical infrastructure. However, there is a silver lining in this ominous cloud. Akamai has announced that a patch for these critical security issues is anticipated to be released in December 2023. Following this rollout, further details about the affected devices and vulnerabilities are expected to be revealed.

The discovery comes during a time when cybersecurity is more important than ever, as the reliance on digital connectivity continues to grow exponentially. While the tech community awaits the patches, it is crucial for organizations and individuals to be vigilant, ensuring that all internet-connected devices are adequately protected with updated security measures and strong passwords.