Threat actors often prey on vulnerable devices to break into targeted networks. With most employees working remotely, cybercriminals increased their hacking attempts targeting vulnerable commercial IoT devices like Wi-Fi routers. Recently, a security research report from Eclypsium revealed that over 300,000 IP addresses related to MikroTik devices were exposed to remotely exploitable security vulnerabilities.
“These devices are both powerful, [and] often highly vulnerable. This has made MikroTik devices a favorite among threat actors who have commandeered the devices for everything from DDoS attacks, command-and-control (C2), traffic tunneling, and more. An attacker could use well-known techniques and tools to potentially capture sensitive information, such as stealing MFA credentials from a remote user using SMS over Wi-Fi. As with previous attacks, enterprise traffic could be tunneled to another location or malicious content injected into valid traffic,” the report said.
Based in Europe, MikroTik is a popular provider of routers, wireless ISP systems, hardware, and software for Internet connectivity worldwide.
MikroTik routers are an enticing target: more than two million devices are deployed globally, making them a lucrative opportunity for attackers. According to the report, the most affected MikroTik devices are located in Russia, China, Brazil, Indonesia, Italy, and the U.S.
The flaws in MikroTik devices could expose users and enterprises to a wide variety of security risks. They can give hackers remote access to exploit the device and penetrate the network. The discovered security flaws include:
Besides, the researchers found 20,000 exposed MikroTik devices that injected cryptocurrency mining scripts into web pages that users visited. “The ability for compromised routers to inject malicious content, tunnel, copy, or reroute traffic can be used in various highly damaging ways. DNS poisoning could redirect a remote worker’s connection to a malicious website or introduce a machine-in-the-middle,” the researchers added.
MikroTik has listed measures to secure the devices. These include:
The post Around 300,000 MikroTik Devices Vulnerable to Hacker Intrusions appeared first on CISO MAG | Cyber Security Magazine.