Monday March 31, 2025

Advisory ID: NCC-CSIRT-2025-001

CVEs: CVE-2016-10401, CVE-2017-17215, CVE-2018-10088, CVE-2019-9580, CVE-2024-45163

Probability: High

Impact: Severe – Potential for large-scale botnet attacks, DDoS campaigns, and system compromise

Product(s): IoT Devices, Routers, DVRs, IP Cameras, Networked Devices

Version(s): Various firmware versions vulnerable to default or weak credentials

Platform(s): Linux-based IoT devices and embedded systems

Summary

The NCC-CSIRT has identified that the Mirai malware is active in Nigeria’s cyberspace, targeting IoT devices with weak security settings. Once infected, these devices become part of a botnet used for large-scale DDoS attacks and other malicious activities. Organizations and individuals using IoT devices must take immediate steps to secure their infrastructure.

Threat Type(s): Botnet, Malware, Distributed Denial-of-Service (DDoS), Credential Exploitation

Consequences

  • Devices compromised and controlled by attackers.
  • Participation in large-scale DDoS attacks affecting critical services.
  • Unauthorized access to sensitive networks and data.
  • Potential for further malware propagation within affected networks.

Description

Mirai is a self-propagating malware that infects IoT devices by exploiting weak or default credentials and unpatched vulnerabilities. Once infected, a device joins a botnet controlled by threat actors, who use it to launch massive DDoS attacks or other malicious activities. The malware continuously scans for additional vulnerable devices to infect, which expands the botnet. Reports indicate a rise in Mirai-related incidents in Nigeria, highlighting the urgent need for preventive measures.

Solution

  • Change default credentials: Immediately update factory-set usernames and passwords on all IoT devices.
  • Apply firmware updates: Ensure devices are running the latest firmware with security patches.
  • Disable unnecessary services: Turn off remote management features that are not required.
  • Implement network segmentation: Isolate IoT devices from critical networks to limit exposure.
  • Use strong authentication: Enable multi-factor authentication (MFA) where possible.
  • Monitor network traffic: Regularly check for unusual outbound traffic that may indicate botnet activity.
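
Added example (not part of the NCC-CSIRT advisory): one way to carry out the traffic-monitoring step is to flag IoT hosts that contact many distinct external addresses on Telnet ports within a short window, which is how an infected device's scanning shows up in flow logs. The Telnet ports (23 and 2323, from public analyses of the original Mirai scanner), the 10.20.0.0/24 IoT segment, the flow-record format, and the threshold are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption (not stated in the advisory): Mirai's original scanner probes
# Telnet on TCP 23 and 2323, so outbound fan-out on these ports is the signal.
SCAN_PORTS = {23, 2323}
IOT_NET = ipaddress.ip_network("10.20.0.0/24")   # hypothetical IoT segment
INTERNAL = ipaddress.ip_network("10.0.0.0/8")    # hypothetical internal range
WINDOW = 60      # seconds per counting bucket
THRESHOLD = 5    # distinct external targets per bucket; tune to your baseline

# Constructed flow records: "epoch_seconds src_ip dst_ip dst_port"
SAMPLE_FLOWS = "\n".join(
    [f"{1743379200 + i} 10.20.0.15 198.51.100.{10 + i} {2323 if i % 4 == 0 else 23}"
     for i in range(8)]                              # camera sweeping 8 hosts
    + ["1743379205 10.20.0.22 203.0.113.7 443",     # normal HTTPS, ignored
       "1743379209 10.20.0.30 203.0.113.5 23",      # single Telnet session
       "truncated record"])                         # malformed, skipped


def parse_flows(text):
    """Yield (ts, src, dst, dport) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            yield (int(parts[0]), ipaddress.ip_address(parts[1]),
                   ipaddress.ip_address(parts[2]), int(parts[3]))
        except ValueError:
            continue


def find_scanners(text, threshold=THRESHOLD):
    """Return {iot_src: peak distinct external Telnet targets in one window}."""
    targets = defaultdict(set)
    for ts, src, dst, dport in parse_flows(text):
        if src in IOT_NET and dst not in INTERNAL and dport in SCAN_PORTS:
            targets[(str(src), ts // WINDOW)].add(dst)
    alerts = {}
    for (src, _bucket), dsts in targets.items():
        if len(dsts) >= threshold:
            alerts[src] = max(alerts.get(src, 0), len(dsts))
    return alerts


if __name__ == "__main__":
    for src, count in find_scanners(SAMPLE_FLOWS).items():
        print(f"ALERT {src}: {count} external Telnet targets within {WINDOW}s")
```

Fixed buckets can split a burst that straddles a window boundary, so a sliding window or a lower threshold gives earlier warning on busy networks.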

References

https://www.cisa.gov/news-events/alerts/2016/10/14/heightened-ddos-threat-posed-mirai-and-other-botnets

https://www.quorumcyber.com/wp-content/uploads/2023/06/Quorum-Cyber-_Mirai-Botnet-Report.pdf

https://darktrace.com/fr/blog/mirai-malware-infects-cctv-camera

https://nvd.nist.gov/vuln/detail/cve-2024-45163