Huge Range of MikroTik WiFi Routers Found Vulnerable To Cyber Attack in India

Mar 15, 2019
Posted by GIS Consulting in Cyber Security

Hackers exploited the MikroTik router operating system, which allows them to perform a wide range of attacks, from eavesdropping to crypto-mining.

A vulnerability in MikroTik WiFi routers has affected approximately 2.5 lakh routers across the globe, leaving them vulnerable to crypto-mining and other forms of cyber-attack. Of the total affected routers, 11,809 are in India. Brazil is the most affected, with 85,230 routers impacted.

Attacks blocked around the world

Avast has published the top ten countries most affected by the JS:InfectedMikroTik malware (the figures give the number of affected users):

Brazil – 85 230;

Poland – 43 677;

Indonesia – 27 102;

Argentina – 24 255;

Colombia – 15 300;

Turkey – 15 144;

India – 11 809;

Ukraine – 11 614;

Bangladesh – 9 867;

Venezuela – 9 527.

Unfortunately, the CVE-2018-14847 vulnerability is not the first one. On July 31, experts noticed more than 70,000 MikroTik routers in Brazil behaving in the same way. This time, hackers were able to read the victim's files from a vulnerable device and gain unauthorized remote access to it. However, the main goal was to infect these vulnerable routers with code that injects the CoinHive in-browser crypto-mining script to generate cryptocurrency.

Among the top internet providers with infected routers worldwide, Reliance Jio Infocomm is the main Indian provider on the list, suggesting that it is the most affected Indian internet provider. This then enables attackers to carry out attacks ranging from crypto-mining to eavesdropping.

This campaign exploits the vulnerability in WinBox by injecting scripts, which launch a JavaScript cryptocurrency miner that runs in your browser.

“Interestingly, the originally intended web page reloads itself into an IFRAME element after 10 milliseconds, so the user sees the original content inside an iframe, while the miner runs in the background. This way, the user will happily browse the original content without even knowing that something fishy is going on in the background,” Avast says in its report of the vulnerability.
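As an added example (not from Avast's report or from this article's author), the Python below checks an HTTP response body for the two traits described above: a script that references CoinHive and an iframe that loads the very page being viewed. The function names, sample HTML and `.example` hostnames are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urldefrag

MINER_TOKEN = "coinhive"  # miner family named in the article; matched case-insensitively

class _Collector(HTMLParser):
    """Collects script sources, inline script bodies and iframe targets."""
    def __init__(self):
        super().__init__()
        self.scripts, self.iframes, self._in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script":
            self._in_script = True
            self.scripts.append(attrs.get("src") or "")
        elif tag == "iframe":
            self.iframes.append(attrs.get("src") or "")

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.scripts.append(data)

def inspect_response(page_url, html):
    """Return the set of tampering indicators found in one HTTP response body."""
    c = _Collector()
    c.feed(html)
    c.close()
    findings = set()
    if any(MINER_TOKEN in s.lower() for s in c.scripts):
        findings.add("miner-script")
    page = urldefrag(page_url)[0]
    # An iframe that loads the page being viewed matches the reload trick Avast describes.
    if any(src and urldefrag(urljoin(page_url, src))[0] == page for src in c.iframes):
        findings.add("self-iframe")
    return findings

# Constructed sample bodies (not captured traffic).
INJECTED = ('<html><script src="http://miner.example/coinhive.js"></script>'
            '<iframe src="http://shop.example/index.html" width="100%"></iframe></html>')
CLEAN = '<html><script src="/app.js"></script><iframe src="/ads.html"></iframe></html>'

if __name__ == "__main__":
    print(sorted(inspect_response("http://shop.example/index.html", INJECTED)))
    print(sorted(inspect_response("http://shop.example/index.html", CLEAN)))
```

The check reads static markup only, so an iframe that a script builds at run time is not visible to it. Seeing both indicators on a plain-HTTP page you do not control is a reason to compare the same page fetched over a different network path.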

According to Avast, hackers look for anything that can give them computing power, and routers are among the most obvious targets, since every connected household and business has one. Furthermore, the security problems with these routers are often due to weak passwords.

In the case of this attack, while it is suggested that a vulnerability in WinBox gave hackers access to the routers, Avast says that the routers could also have been exploited because their owners didn't change their default credentials or created weak passwords.

The vulnerability found in this router is fixed by updating its firmware. However, of the 314,000 MikroTik routers in the Avast user base, 85.48% are vulnerable to the WinBox exploit.

While Avast is still chasing the offenders, it says that this is difficult given the massive number of infected routers.

What to do if you’re affected?

Check if you have a MikroTik router.

Those who don’t have a MikroTik router can also be affected by this issue. If your anti-virus software reports a JS:InfectedMikroTik detection, it is likely that your ISP (internet service provider) is affected. In that case, contact them immediately to resolve the issue on their routers.

Install the latest firmware and set a new password. Ensure the password is strong. New versions of MikroTik routers close external access to the router by default, thus making you safe from an attack.

Avast has published a detailed explanation of what to do if you are affected.

By GIS Consulting Team