Internet

Microsoft now tells you if your MikroTik router is infected

Deepak GuptaMarch 18, 2022
0

Detect if your router is affected by TrickBot

TrickBot is a security threat that has been very present in recent years. It is a botnet that is normally distributed through email using Phishing tactics or through other malware that has previously infected the victim. What it does from then on is connect to a server controlled by the attacker and allow it to send malicious payloads to the infected computer.

This threat has affected a wide variety of IoT devices and also to routers. It makes that attacked computer act as a proxy between the device and the attackers’ server. In recent times, attackers have used TrickBot to compromise MikroTik routers.

To access them, they mainly relied on using default credentials. For this reason, it is important that you always change the access data that comes from the factory when you buy a router. They can perform brute force attacks to gain control of devices. But they have also exploited vulnerabilities like CVE-2018-14847.

The problem is that there are hundreds of thousands of MikroTik routers that are still vulnerable. For this reason, Microsoft has launched a tool called routeros-scanner with which administrators can analyze devices of this brand to find out if they are infected with TrickBot or not and be able to take action as soon as possible.

Basically what the script is to know the version of the device and whether or not it is vulnerable to a certain failure, check scheduled tasks, traffic redirection rules, DNS cache poisoning, change in default ports, suspicious files or proxies. This will help to know if that specific team is in danger.

TrickBot

How to protect MikroTik routers

The first thing you should do is make sure you have the latest version of the router. Security researchers recommend having RouterOS versions higher than 6.45.6. Always having updated devices is essential in order to be protected and avoid problems.

In addition, it is also important change Password which comes by default on the router. It is essential that you use a new key, that it is strong and has everything necessary to make it very difficult to find out through the methods used by hackers, such as brute force.

Another tip from security researchers is block port 8291 external access, as well as change default ssh port, which is 22, by a different one. One more recommendation is a VPN for remote access and restrict remote access to the router.

In short, as you have seen, Microsoft has launched a tool to check if a MikroTik router is affected by TrickBot. However, it is important that you follow a series of tips to prevent them from suffering some type of cyber attack.

We have other articles that may interest you:
  1. STATUS_ACCESS_VIOLATION: How to avoid this error when browsing
  2. Netflix reaches a bandwidth of 400 Gbps of video, this is how they get it
  3. What to consider when buying a USB adapter with 4G or 5G
  4. Why are they more likely to ask you for money if they infect your computer
  5. Beware of these scams if you buy a second-hand device
  6. Dropbox or pCloud, which cloud storage is better
Deepak GuptaMarch 18, 2022
0

Related Articles

Wi-Fi connection error 0x00028002: what is it and how to avoid it

November 27, 2021

With this they can use your fingerprint and scam you on the Internet

July 12, 2023

Did you see a failed secure connection in Firefox? Solve it like this

October 26, 2021

Offer on this NAS Synology DS920+ with 48TB of disks

February 15, 2023

Leave a Reply

Your email address will not be published. Required fields are marked *