fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

MikroTik Shares Info on Securing Routers Hit By Massive Mēris Botnet

MikroTik Shares Info on Securing Routers Hit By Massive Mēris Botnet

Latvian network equipment manufacturer MikroTik has shared details on how customers can secure and clean routers compromised by the massive Mēris DDoS botnet over the summer.

“As far as we have seen, these attacks use the same routers that were compromised in 2018, when MikroTik RouterOS had a vulnerability, that was quickly patched,” a MicroTik spokesperson told BleepingComputer.

“Unfortunately, closing the vulnerability does not immediately protect these routers. If somebody got your password in 2018, just an upgrade will not help.

“You must also change password, re-check your firewall if it does not allow remote access to unknown parties, and look for scripts that you did not create.”

IoT botnet on steroids

The Mēris botnet has been behind two record-breaking volumetric (aka application-layer) DDoS attacks this year.

The first one mitigated by Cloudflare in August reached 17.2 million request-per-second (RPS). The second one peaked at an unprecedented rate of 21.8 million RPS while hammering Russian internet giant Yandex servers earlier this month.

According to Qrator Labs researchers who provided details on the Yandex attack, Mēris — a botnet derived from Mirai malware code — is now controlling roughly 250,000 devices, most of them MikroTik network gateways and routers.

Also Read: The Role of A DPO During Work From Home

The researchers also added that the hosts compromised by Mēris are “not your typical IoT blinker connected to WiFi” but highly capable devices connected to the Intenet via an Ethernet connection.

Mēris’ history of attacks targeting Yandex’s network started in early August with a 5.2 million RPS DDpS attack and kept increasing in size:

  • 2021-08-07 – 5.2 million RPS
  • 2021-08-09 – 6.5 million RPS
  • 2021-08-29 – 9.6 million RPS
  • 2021-08-31 – 10.9 million RPS
  • 2021-09-05 – 21.8 million RPS

How to secure and clean your MikroTik router

MikroTik also shared info on how to clean and secure gateways compromised by this botnet in a blog post published today.

The network equipment vendor urges customers to choose strong passwords that should defend their devices from brute-force attacks and keep them up to date to block CVE-2018-14847 Winbox exploits likely used by the Mēris botnet according to MikroTik.

The company outlined the best course of action, which includes the following steps:

  • Keep your MikroTik device up to date with regular upgrades.
  • Do not open access to your device from the internet side to everyone, if you need remote access, only open a secure VPN service, like IPsec.
  • Use a strong password and even if you do, change it now!
  • Don’t assume your local network can be trusted. Malware can attempt to connect to your router if you have a weak password or no password.
  • Inspect your RouterOS configuration for unknown settings.

Settings the Mēris malware can set when reconfiguring compromised MicroTik routers include:

  • System -> Scheduler rules that execute a Fetch script. Remove these.
  • IP -> Socks proxy. If you don’t use this feature or don’t know what it does, it must be disabled.
  • L2TP client named “lvpn” or any L2TP client that you don’t recognize.
  • Input firewall rule that allows access for port 5678.

“We have tried to reach all users of RouterOS about this, but many of them have never been in contact with MikroTik and are not actively monitoring their devices. We are working on other solutions too,” MikroTik added.

Also Read: Top 3 Common Data Protection Mistakes, Revealed

“As far as we know right now – There are no new vulnerabilities in these devices. RouterOS has been recently independently audited by several contractors.”

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us