Advisory ID: NCC-CSIRT-2025-001
Summary
The Mirai malware is actively spreading in Nigeria’s cyberspace, targeting IoT devices with weak security settings. Once infected, these devices become part of a botnet used for large-scale DDoS attacks and other malicious activities. Organizations and individuals using IoT devices must take immediate steps to secure their infrastructure.
CVEs: CVE-2016-10401, CVE-2017-17215, CVE-2018-10088, CVE-2019-9580, CVE-2024-45163
Probability: High
Impact: Severe – Potential for large-scale botnet attacks, DDoS campaigns, and system compromise
Product(s): IoT Devices, Routers, DVRs, IP Cameras, Networked Devices
Version(s): Various firmware versions vulnerable to default or weak credentials
Platform(s): Linux-based IoT devices and embedded systems
Threat Type(s): Botnet, Malware, Distributed Denial-of-Service (DDoS), Credential Exploitation
Consequences
- Devices compromised and controlled by attackers.
- Participation in large-scale DDoS attacks affecting critical services.
- Unauthorized access to sensitive networks and data.
- Potential for further malware propagation within affected networks.
Description
Mirai is a self-propagating malware that infects IoT devices by exploiting weak/default credentials and unpatched vulnerabilities. Once infected, the device joins a botnet controlled by threat actors to launch massive DDoS attacks or other malicious activities. The malware continuously scans for additional vulnerable devices, increasing its attack surface. Reports indicate a rise in Mirai-related incidents in Nigeria, highlighting the urgent need for preventive measures.
Solution
- Change default credentials: Immediately update factory-set usernames and passwords on all IoT devices.
- Apply firmware updates: Ensure devices are running the latest firmware with security patches.
- Disable unnecessary services: Turn off remote management features that are not required.
- Implement network segmentation: Isolate IoT devices from critical networks to limit exposure.
- Use strong authentication: Enable multi-factor authentication (MFA) where possible.
- Monitor network traffic: Regularly check for unusual outbound traffic that may indicate botnet activity.
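One way to implement the traffic-monitoring step, as an added example that is not part of the NCC-CSIRT advisory: flag IoT hosts that contact many distinct external addresses on Telnet ports within a short window, the pattern produced by the continuous scanning described above. The IoT subnet, thresholds, flow-record format and sample records are assumptions constructed for illustration; Telnet ports 23 and 2323 come from public reporting on Mirai's scanner, not from this advisory.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

IOT_NET = ip_network("10.20.0.0/24")  # hypothetical IoT segment
TELNET_PORTS = {23, 2323}  # assumption: ports Mirai's scanner is publicly reported to probe
WINDOW_S = 60              # look-back window in seconds
MIN_DISTINCT_DSTS = 5      # distinct external targets per window treated as scanning

# Constructed flow records: "epoch_seconds src_ip dst_ip dst_port"
SAMPLE_FLOWS = """\
1700000000 10.20.0.15 198.51.100.7 23
1700000004 10.20.0.15 203.0.113.19 2323
1700000009 10.20.0.15 192.0.2.44 23
1700000013 10.20.0.15 198.51.100.91 23
1700000020 10.20.0.15 203.0.113.200 23
1700000030 10.20.0.22 198.51.100.5 443
1700000000 10.20.0.30 198.51.100.1 23
1700000150 10.20.0.30 198.51.100.2 23
1700000300 10.20.0.30 198.51.100.3 23
1700000010 10.20.0.40 10.20.0.1 23
truncated-record 10.20.0.15
"""

def parse_flows(text):
    """Yield (ts, src, dst, port); skip malformed records instead of failing."""
    for line in text.splitlines():
        try:
            ts, src, dst, port = line.split()
            yield int(ts), ip_address(src), ip_address(dst), int(port)
        except ValueError:
            continue

def find_scanners(text):
    """Return {src: peak distinct external Telnet targets within any window}."""
    events = defaultdict(list)
    for ts, src, dst, port in parse_flows(text):
        # Only IoT-segment sources talking to addresses outside the segment count.
        if src in IOT_NET and dst not in IOT_NET and port in TELNET_PORTS:
            events[src].append((ts, dst))
    flagged = {}
    for src, evs in events.items():
        # For each event, count distinct targets seen in the WINDOW_S seconds
        # ending at it (quadratic per source, fine for per-host flow volumes).
        peak = max(len({d for t, d in evs if 0 <= ts - t <= WINDOW_S}) for ts, _ in evs)
        if peak >= MIN_DISTINCT_DSTS:
            flagged[str(src)] = peak
    return flagged

if __name__ == "__main__":
    print(find_scanners(SAMPLE_FLOWS))
```

The slow sender (10.20.0.30) and the HTTPS-only camera (10.20.0.22) stay below the threshold, which shows why the check counts distinct targets per window rather than total Telnet connections.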
References
https://www.cisa.gov/news-events/alerts/2016/10/14/heightened-ddos-threat-posed-mirai-and-other-botnets
https://www.quorumcyber.com/wp-content/uploads/2023/06/Quorum-Cyber-_Mirai-Botnet-Report.pdf
https://darktrace.com/fr/blog/mirai-malware-infects-cctv-camera