Friday, December 10, 2021

 

MIKROTIK


Branded routers threaten the security of the entire Internet

According to researchers, around 300,000 MikroTik routers are vulnerable to remote attacks that can covertly enlist the devices in botnets designed to steal confidential user data and carry out DDoS attacks that damage the Internet.

The assessment, by Eclypsium security researchers, is based on scanning the Internet to find MikroTik routers running firmware versions that contain vulnerabilities found within the last three years. Although the manufacturer has released fixes, Eclypsium research shows that many users have not installed them. The company notes that such neglect gives attackers many opportunities to gain full control over devices that are powerful enough to carry out network attacks.

The researchers' concerns are far from theoretical. In early 2018, Kaspersky Lab researchers announced that a powerful piece of malware called Slingshot, which had gone unnoticed for six years, was initially spread through MikroTik routers. Slingshot downloaded malicious files from infected routers to connected computers using a MikroTik configuration utility known as Winbox. A few months later, Trustwave researchers discovered two malware campaigns targeting MikroTik routers after reverse engineering a leaked CIA tool called Vault7. Also in 2018, China's Netlab 360 reported that thousands of MikroTik routers had been drawn into a botnet by malware exploiting the vulnerability.

Eclypsium researchers say that CVE-2018-14847 is one of three high-severity vulnerabilities that remain unpatched on the Internet-connected MikroTik devices they identified. Overall, the company's experts have discovered more than 300,000 MikroTik routers affected by the CVE-2018-14847, CVE-2019-3977, and CVE-2019-3978 vulnerabilities. Once a device is infected, hackers often use it for further attacks, stealing user data or participating in distributed attacks.

Researchers have released an open source tool that people can use to determine if their device is vulnerable or infected. However, the best way to keep yourself and your device safe is to install the latest firmware provided by the manufacturer. It is also important to change the default passwords and disable remote administration if not needed.

AVnews
