patrickmkt
Member Candidate
Topic Author
Posts: 144
Joined: Sat Jul 28, 2012 5:21 pm

Crooks Use Hacked Routers to Aid Cyberheists

Tue Jun 30, 2015 9:54 pm

"Recently, researchers at the Fujitsu Security Operations Center in Warrington, UK began tracking Upatre being served from hundreds of compromised home routers — particularly routers powered by MikroTik and Ubiquiti’s AirOS."


“The consistency in which the botnet is communicating with compromised routers in relation to both distribution and communication leads us to believe known vulnerabilities are being exploited in the firmware which allows this to occur.”

http://krebsonsecurity.com/2015/06/croo ... more-31364
 
jarda
Forum Guru
Posts: 7412
Joined: Mon Oct 22, 2012 4:46 pm

Wed Jul 01, 2015 9:29 am

According to the article it is more or less a question of belief. Maybe the infected computers are just behind those routers, using UPnP to be reachable...
 
normis
MikroTik Support
Posts: 23259
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Crooks Use Hacked Routers to Aid Cyberheists

Wed Jul 01, 2015 10:05 am

Sounds like FUD. As you well know, MikroTik devices have a firewall by default on the public interface. The article blames use of default login/password, but this is not true for access from the internet.
 
IPANetEngineer
Trainer
Posts: 903
Joined: Fri Aug 10, 2012 6:46 am
Location: Jackson, MS, USA
Contact:

Re: Crooks Use Hacked Routers to Aid Cyberheists

Sun Jul 12, 2015 3:58 am

Always possible people are disabling the firewall and not setting the password. Did a write-up on this issue, as it seems to have been more of an issue on the Ubiquiti side, with some actual evidence of the router being used as a distribution point for Dyre:

http://www.stubarea51.net/2015/07/11/mi ... e-malware/.
Expert consulting in | BGP | MPLS | OSPF | Se Habla Español 1-855-645-7684
http://www.iparchitechs.com #1 ranked MikroTik consulting firm in North America
 
normalcy
newbie
Posts: 41
Joined: Tue Jan 03, 2012 6:35 am
Location: Brisbane, Australia

Crooks Use Hacked Routers to Aid Cyberheists

Sun Jul 12, 2015 6:13 am

I know QuickSet will generally put a deny-all filter rule on the WAN input if used. But could you also put a security checklist or section for securing router access in QuickSet too?

Something that might let you specify an admin IP/subnet and then automatically populate firewall rules on all input interfaces permitting that admin address as well as changing the permitted addresses under 'ip > services' and the various tool discovery interfaces as well?

That way if you want the quick setup path you get the option of a bit more lockdown without having to find and configure the various commands scattered around the interface but if you're more experienced you can still manage the total config yourself without using quickset.

I recognise the type of people who don't know enough about the equipment to research securing it in production will be exactly the type of people who will loudly complain about being "locked out" by a security 'wizard' though.

But handholding in quickset and leaving everything else to the power user otherwise seems the least worst option for a 'can't please everyone all the time' problem.
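
The lockdown described in the post above, written out by hand as RouterOS commands. This is an added example, not part of the original post and not something QuickSet generates; the admin subnet 192.0.2.0/24 and the list name `admin` are assumed placeholders, and the discovery and MAC-server settings the post also mentions are left out because their menus differ between RouterOS versions.

```routeros
# Added example. 192.0.2.0/24 is a placeholder: replace it with the subnet
# your management hosts actually sit in before applying anything.
# Apply from a session inside that subnet (ideally in Safe Mode), because a
# wrong address here locks you out of the router.

# One address list holds the admin subnet so the firewall rules reference a
# single name.
/ip firewall address-list
add list=admin address=192.0.2.0/24 comment="management hosts"

# Input chain = traffic addressed to the router itself.
# "add" appends to the end of the chain. If a drop rule already exists
# (for example the one QuickSet or the default configuration created),
# move these rules above it or use place-before=, otherwise they never match.
/ip firewall filter
add chain=input connection-state=established,related action=accept \
    comment="replies to connections the router opened"
add chain=input src-address-list=admin action=accept \
    comment="management from the admin subnet, on any interface"
add chain=input protocol=tcp dst-port=21,22,23,80,443,8291,8728,8729 \
    action=drop comment="management ports from everyone else"

# Second layer: the services themselves only answer the admin subnet,
# so a mistake in the firewall does not expose the login prompt.
/ip service
set ssh address=192.0.2.0/24
set winbox address=192.0.2.0/24

# Services that are not used for management are switched off entirely.
disable telnet,ftp,www,www-ssl,api,api-ssl
```

The drop rule only covers the TCP management ports (FTP, SSH, Telnet, WebFig, WinBox, API), so DHCP and DNS served by the router to LAN clients keep working; a stricter WAN-side drop rule belongs alongside it, not instead of it.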
 
zipvault
Member Candidate
Posts: 144
Joined: Fri Dec 23, 2016 8:15 am

Re: Crooks Use Hacked Routers to Aid Cyberheists

Sat Dec 24, 2016 5:59 am

Any update on this Dyre or Upatre?

Interested in securing any possible security flaws, as I noticed an article about this from last year.
ZipVault
