Routers turned into zombie cryptojackers – is yours one of them?
Credit: Sophos
We’ll start this story right at the end:
- Users and sysadmins. Patch early, patch often.
- Vendors and programmers. Don’t store plaintext passwords.
In this particular case, the vulnerable devices that are now being attacked are Mikrotik routers that haven’t been patched since April 2018.
Security researcher Simon Kenin at Trustwave pieced the story together, following reports that there seemed to be a surge of web-based cryptojacking in Brazil.
Kenin quickly realised that Brazil was something of a red herring in the story, because the attack was happening wherever the crooks could find unpatched Mikrotik routers.