Cybercriminals Are Weaponizing MikroTik Devices: Here’s How

Cybercriminals Are Weaponizing MikroTik Devices: Here’s How

Cyberattacks are so common that security experts sometimes jokingly say there are two types of organizations: those that have been attacked, and those that don’t realize they have been attacked.

When one hears the term “cyberattack”, obvious phishing emails and malware from suspicious sites come to mind, but in reality cyberattacks are often more complex and exploit inherent vulnerabilities in end user devices.

Cybersecurity researchers discovered in late 2021 that MikroTik devices are being targeted, and weaponized, by criminals.

What Is MikroTik?

Though not exactly a household name, Latvian company MikroTik has grown significantly since its founding in 1996. More than two million of its products—mainly routers and wireless ISP devices—are currently in use worldwide.

MikroTik devices are both powerful and affordable, which has made them a top choice for some consumers

But MikroTik devices are also uniquely vulnerable to cyberattacks, researchers from the cybersecurity firm, Eclypsium, found.

Why Are MikroTik Devices Vulnerable to Cyberattacks?

Like many similar devices, those produced by MikroTik often come with default credentials (such as “admin”) and without default Wide Area Network (WAN) settings.

MikroTik devices also have “an incredibly complex configuration interface,” according to the researchers, who noted that this makes it easy for end users to make mistakes, thus exposing themselves to attacks.


Crucially, MikroTik devices rarely have the auto-upgrade feature turned on. In other words, tens of thousands of them are never updated.

RELATED: What Is a Firmware Update and Why Does Your Device Need One?

And because they are so powerful, MikroTik routers and wireless systems are used by enterprises and internet service providers, which makes them a very attractive target for cybercriminals.

Eclypsium has identified around 300,000 vulnerable MikroTik devices in total spread out around the world, with China, Brazil, Russia, Italy, and Indonesia having the highest number of vulnerable products.

World map with routers

As they were scanning MikroTik products for vulnerabilities, Eclypsium researchers identified around 20,000 devices around the world that have been injecting cryptocurrency mining scripts into webpages.

55 percent of the affected devices were injecting the Miner_CoinHive script, 22 percent were injecting Miner_OMINE, and 13 percent Miner_scripcom.

Four other common vulnerabilities were discovered in MikroTik products: CVE-2019-3977, CVE-2019-3978, CVE-2018-14847, and CVE-2018-7445.

According to Eclypsium, cybercriminals have compromised and weaponized thousands of MikroTik devices, turning them into “launchpads” for powerful botnets.

In a statement supplied to The Hacker News, MikroTik said “there are no new vulnerabilities in RouterOS” and stressed that it has been reaching out to users and urging them to update their devices, since the company is not able to do so itself.

How to Protect Your MikroTik Devices

MikroTik customers should download Eclypisum’s free github tool. This program will scan any MikroTik device for vulnerabilities and threats.

The company has advised all of its customers with compromised devices to:

  • Change passwords.
  • Regularly update devices.
  • Use a secure VPN service if remote access is necessary.
  • Inspect RouterOS configuration for unknown settings.
  • Block all domains and tunnel endpoints associated with the Meris botnet.

Clearly, these instructions don’t exactly apply to everyday users. If you happen to be one and own a MikroTik device, your best bet would be to contact an IT professional, or your internet service provider, and ask for assistance.

Don’t Forget Router Security

Eclypisum’s findings show that nobody is fully immune to cyberattacks and demonstrate how even devices made by reputable technological companies can be successfully targeted by criminals.

Investing in reliable anti-malware protection is a must, but at the end of the day it all comes down to keeping essential cybersecurity tips in mind at all times, staying vigilant, and taking precautions.

And lastly, most people tend to overlook router security, but there are several easy ways to protect your network and make it nearly impossible for intruders to breach it.

7 Simple Tips to Secure Your Router and Wi-Fi Network in Minutes

Follow these tips to secure your home router and prevent people from intruding on your network.

Read Next

About The Author

Original Link

Leave a Comment

Your email address will not be published.

Scroll to Top