The Silicon Review
05 September, 2018
Another day, another hack!
It’s been just a month that the news of a crypto-mining malware campaign that compromised more than 200,000 MikroTik routers was out. And now, another report is creating a disturbance.
Chinese security researchers at Qihoo 360 Netlab have recently found that more than 7500 routers were compromised to actively eavesdrop on the targeted network traffic.
Exploited by the CIA Vault 7 hacking tool called Chimay Red, the vulnerabilities in all the MikroTik routers are Winbox (CVE-2018-14847) and Webfig remote code execution vulnerability. With communication ports TCP/8291, TCP/80, and TCP/8080, both Winbox and Webfig are RouterOS management components. Basically designed for Microsoft Windows, Winbox allows attackers to manually configure the pwned routers to bypass authentication and read arbitrary files.
As a safety move, vendors have rolled out security updates to close the loophole. But according to researchers, there is still a numerous number of MikroTik routers that are vulnerable to CVE-2018-14847. Victims of the malware campaign are spread across several nations: Russia, Iran, Brazil, India, Ukraine, Bangladesh, Indonesia, Ecuador, the United States, Argentina, Colombia, Poland, Kenya, Iraq, and few more European and Asian nations with Russia being the most affected.
If you think even your router is affected, the best way to protect yourself is to PATCH. It is highly recommended that users update their MikroTik routers and check if the HTTP proxy, Socks4 proxy, and network traffic capture function are being maliciously exploited.
The ongoing Covid pandemic had significantly increased the number of mobile and internet users worldwide. The high amount of usage is expected to drop...
Singapore’s open economy depends heavily on tourism and business. But its vibrant but small economy has been hurting as the circumstances due to...
2020 has been an unforgettable year for many of us. The ongoing Covid crisis has reminded people that it is very important to have an uninterrupted an...
Department of Telecommunications (DoT) is all set to announce the new schedule for 5G trials. The Dot made this decision after being pulled by the par...