The Latvia-based router company MikroTik produces routers and wireless ISP devices. With over 2 million units deployed worldwide, the company’s devices are often targeted by attackers for use in DDoS attacks, command-and-control, traffic tunneling, and more.
Remotely exploitable flaws
20,000 MikroTik devices were exposed as injecting cryptocurrency mining scripts
Security researchers discovered vulnerabilities in MikroTik devices in 2018. Although the company has released a patch and fixed the vulnerabilities, there are still unpatched devices on the internet. Because IT managers did not apply the patches, these devices remain vulnerable. According to the researchers, that creates a security risk for at least 300,000 IP addresses.
The security flaws are remotely exploitable. The vulnerable devices are mostly located in Brazil, Russia, China, Indonesia, and Italy. MikroTik has patched these vulnerabilities since they were found.
A few months ago, a botnet called Meris launched a massive denial-of-service attack targeting the Russian internet company Yandex. The attack used a security vulnerability in the operating system of MikroTik’s network devices. The company then immediately patched the flaw. In addition, 20,000 MikroTik devices were exposed as injecting cryptocurrency mining scripts into web pages.
The security researchers note that while the devices are powerful, they often find them highly vulnerable.