magicfoki.blogg.se

Demo winbox














Given such a vast percentage of these devices have been in a vulnerable state for many years on end, it is simply not enough to find ‘old’ (vulnerable) devices. Instead, we need to leverage the very same tactics, techniques, and procedures (TTPs) the attackers use. We need to discover whether a given device might already be compromised and determine whether it is patched or not. Even non-vulnerable device firmware versions can still be readily configured for malicious purposes.

MikroTik devices present an enticing set of traits from the perspective of an attacker. First of all, they are plentiful with more than 2,000,000 devices deployed worldwide, and also particularly powerful and feature-rich devices.


What do you do when two million cheap and powerful devices become the launchpad for one of the most powerful botnets ever? You stop treating the threat like a newly discovered and unexpected honey bee hive and you start remediating like you’ve discovered a Murder Hornet nest.

Based in Latvia, MikroTik may not be a household name, but it has been a popular supplier of routers and wireless ISP devices since 1996 with more than 2,000,000 devices deployed worldwide. These devices are both powerful, and as our research shows, often highly vulnerable. For the money, there is hardly a more powerful device a consumer can get their hands on. This has made MikroTik devices a favorite among threat actors who have commandeered the devices for everything from DDoS attacks, command-and-control (aka “C2”), traffic tunneling, and more.

The ability to proxy and manipulate traffic should be of particular interest to enterprise security teams. With the increase in users working from home, attackers now have a wealth of easily discoverable, vulnerable devices that can provide attackers with easy access to both the employee’s home devices, as well as devices and resources of the enterprise. In effect, the perimeter has as many holes as a bee’s nest has hexagons.

And while threat actors have the tools to find vulnerable MikroTik devices, many enterprises do not. Even the default Shodan searches for MikroTik leave entire swaths of these devices undiscovered. Part of our research aim is to shine a light on this problem by mapping the MikroTik attack surface and providing researchers and security teams with tools that they can use to find both vulnerable and already-compromised MikroTik devices.














