
The Silicon Review Asia

Pwned MikroTik Routers Eavesdrop on Network Traffic

Another day, another hack!

It has been just a month since news broke of a crypto-mining malware campaign that compromised more than 200,000 MikroTik routers. Now another report is causing alarm.

Chinese security researchers at Qihoo 360 Netlab have recently found more than 7,500 routers that have been compromised to actively eavesdrop on targeted network traffic.

The vulnerabilities in all the MikroTik routers, exploited by the CIA Vault 7 hacking tool called Chimay Red, are the Winbox vulnerability (CVE-2018-14847) and the Webfig remote code execution vulnerability. Winbox and Webfig are both RouterOS management components, with communication ports TCP/8291, TCP/80, and TCP/8080. Winbox, basically designed for Microsoft Windows, allows attackers to manually configure the pwned routers to bypass authentication and read arbitrary files.

As a safety move, vendors have rolled out security updates to close the loophole. But according to researchers, a large number of MikroTik routers are still vulnerable to CVE-2018-14847. Victims of the malware campaign are spread across several nations: Russia, Iran, Brazil, India, Ukraine, Bangladesh, Indonesia, Ecuador, the United States, Argentina, Colombia, Poland, Kenya, Iraq, and a few more European and Asian nations, with Russia being the most affected.

If you think your router may be affected, the best way to protect yourself is to PATCH. It is highly recommended that users update their MikroTik routers and check whether the HTTP proxy, Socks4 proxy, and network traffic capture functions are being maliciously exploited.
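One way to carry out the check recommended above is to audit a saved RouterOS configuration export for the three features named. This is an added example, not code from the article, the researchers, or MikroTik. It assumes the text comes from the router's `/export` command and relies on the RouterOS sections `/ip proxy`, `/ip socks`, and `/tool sniffer`; the sample export and its addresses are constructed.

```python
import re

# Constructed sample of a RouterOS "/export" dump (not from a real device).
SAMPLE_EXPORT = """\
/ip proxy
set enabled=yes port=8080
/ip socks
set enabled=yes port=4153
/ip service
set telnet disabled=yes
/tool sniffer
set filter-port=ftp,smtp,pop3 streaming-enabled=yes \\
    streaming-server=203.0.113.7
"""

# Section path -> (key, value that warrants review, finding text)
CHECKS = {
    "/ip proxy": ("enabled", "yes", "HTTP proxy is enabled"),
    "/ip socks": ("enabled", "yes", "SOCKS proxy is enabled"),
    "/tool sniffer": ("streaming-enabled", "yes",
                      "sniffer streams captured traffic"),
}

def parse_export(text):
    """Yield (section_path, {key: value}) for each 'set' line of an export."""
    text = re.sub(r"\\\n\s*", "", text)  # join lines wrapped with a backslash
    section = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("/"):
            section = line
        elif line.startswith("set ") and section:
            yield section, dict(re.findall(r'([\w-]+)=("[^"]*"|\S+)', line))

def audit(text):
    """Return (section, detail) for each feature that is switched on."""
    findings = []
    for section, kv in parse_export(text):
        check = CHECKS.get(section)
        if check and kv.get(check[0]) == check[1]:
            detail = check[2]
            if section == "/tool sniffer":
                detail += " to " + kv.get("streaming-server", "unknown host")
            findings.append((section, detail))
    return findings

if __name__ == "__main__":
    for section, detail in audit(SAMPLE_EXPORT):
        print(f"REVIEW {section}: {detail}")
```

A finding only means the feature is switched on; whether it is malicious depends on whether the administrator enabled it and recognizes the destination.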

