On August 2nd, Hackernews reported that over 200000 MikroTik routers were infected with crypto-mining malware. The hackers exploited a known vulnerability in the Winbox component of MikroTik; it was discovered in April and patched within just a few days of the discovery.

This security issue can allow a hacker to gain access to a router and then inject Coinhive’s JavaScript into every webpage that a user visits through that vulnerable router. This makes every connected computer mine the Monero cryptocurrency for the hackers.
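A defender can check whether pages fetched through a router carry this kind of injected script. The sketch below is an added example, not part of the original article; the `coinhive.com` hostname and the `CoinHive.Anonymous` / `CoinHive.User` names are taken from Coinhive's publicly documented embed snippet and are assumptions here, and the sample pages are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed indicators (from Coinhive's public embed snippet, not from this article).
MINER_HOSTS = ("coinhive.com",)
INLINE_MARKERS = ("CoinHive.Anonymous", "CoinHive.User")


class _ScriptScanner(HTMLParser):
    """Collects <script> tags that load or start the miner."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        self._in_script = True
        src = dict(attrs).get("src") or ""
        # Compare the parsed hostname, not a substring, so that
        # look-alike hosts such as notcoinhive.com are not flagged.
        host = (urlparse(src).hostname or "").lower()
        if any(host == h or host.endswith("." + h) for h in MINER_HOSTS):
            self.findings.append(("src", src))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Only inspect script bodies; article text mentioning the name is ignored.
        if self._in_script:
            for marker in INLINE_MARKERS:
                if marker in data:
                    self.findings.append(("inline", marker))


def find_miner_scripts(html):
    """Return a list of (kind, value) findings for one HTML document."""
    scanner = _ScriptScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample pages.
CLEAN = ('<html><head><script src="https://example.org/app.js"></script></head>'
         '<body><p>News about Coinhive miners</p></body></html>')
INJECTED = ('<html><head><script src="https://coinhive.com/lib/coinhive.min.js"></script>'
            '<script>var m = new CoinHive.Anonymous("SITE_KEY_PLACEHOLDER"); m.start();</script>'
            '</head><body>hi</body></html>')
```

Comparing the same plain-HTTP page fetched through the router and over a trusted connection shows whether the script was added in transit.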

Although the vulnerability was patched promptly by the manufacturer, users didn’t update their firmware, which led to this high number of infected devices.

It is important to keep all your devices updated. Most users will not touch their routers or other similar devices, thinking that they are dealt with by their internet / IT provider, but that doesn’t mean that they are secured by default. Routers need to be updated too.

As part of the Cyber Essentials Remediation works, we will update routers and switches to the latest firmware and make sure there are no weak passwords that an attack like this could exploit. If there is a known outbreak of an infection on devices that we know are out on clients’ sites and are overtly used, we will find the right course to fix it and roll it out.