Over 11,000 MikroTik router users at risk of cyber attacks.
HYDERABAD: A security flaw in MikroTik WiFi routers has left thousands in the subcontinent at risk of cyber attacks ranging from eavesdropping to cryptomining. India is among the 10 countries worst affected by the cryptomining campaign and Reliance Jio Infocomm has the highest number of infected routers in the country, according to a report by Avast.
The anti-virus company’s research on its user base found that 11,809 routers were infected in India, placing it seventh among countries with compromised routers.
At the top is Brazil, with a staggering 85,230 infected routers targeted by the cryptomining campaign JS:InfectedMikroTik. The campaign allows cybercriminals to exploit a vulnerability in MikroTik and inject scripts that further allow them to run software illegally. The software, in turn, can take over the computer’s resources and use them for cryptocurrency mining.
Researchers Martin Hron and David Jursa, who are studying infected routers, said, “When you try to reach any URL starting with http:// on an infected router, you will get HTTP error code 403 Forbidden via a custom error page which contains the above HTML code.” However, they found that the HTML code was, in fact, a script which launches a JavaScript cryptocurrency miner that runs in your browser. All this happens in the background while the user browses content, the report said.
Apart from this, the researchers noted that routers could have been targeted as owners did not change their default credentials or create strong passwords.
There is a need to take a closer look into the issue because just 5 per cent of MikroTik users in Avast’s database have the latest version of the firmware. Upgrading to the latest software will protect users from the MikroTik vulnerability.
Another reason is that, according to the researchers, the campaign affects not just the router but also all computers connected to it. “The bigger concern is that once the router is compromised, you are not really sure how else it might be abused. It could be used for sniffing traffic, serving you malicious pages etc,” they said.
The report recommended installing proper antivirus software to check if routers were infected or not. In the case of infected routers, Hron and Jursa urged users to reset them to factory settings and update firmware immediately.