MikroTik Routers Exploited in Massive Crypto-Mining Campaign

SecurityWeek | August 03, 2018

Attackers managed to infect tens of thousands of MikroTik network routers in Brazil with code that injects the CoinHive in-browser crypto-mining script into web traffic. The attack emerged on July 31, when more than 70,000 MikroTik devices in the country started displaying the same behavior. With all using the same CoinHive site-key, it became apparent that a single actor was behind the attack.

No zero-day was used in this massive attack, as MikroTik, a Latvian router manufacturer, patched the targeted vulnerability back in April 2018. The issue, however, is that the vulnerable devices haven’t been updated in a timely manner. At the moment, there are “hundreds of thousands of unpatched (and thus vulnerable) devices still out there, and tens of thousands of them are in Brazil alone,” Trustwave’s Simon Kenin, the researcher who analyzed the attack, reveals.

The employed exploit provides the attacker with the ability to read files from a vulnerable MikroTik router and get unauthenticated remote admin access to the device. As part of this attack, however, the actor didn’t run a malicious executable on the router, but leveraged the device’s functionality to inject the CoinHive script into every web page the user visited. For that, the attacker created a custom error page with the CoinHive script in it, which resulted in the user landing on that page when encountering any kind of error page while browsing.

The attack works in both directions, meaning that users who visit websites behind those infected routers are impacted as well. Initially, users would encounter the CoinHive script on every visited page, likely because the attacker, who appears to have a high level of understanding of how the MikroTik routers work, might have built code to inject the script in every page.
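A defender-side check for the behaviour described above, as an added example that is not from the original article: it scans captured HTTP response bodies for the CoinHive loader and groups hosts by site-key, the signal that tied the infected routers to one actor. The loader file name and the `CoinHive.Anonymous(...)` call follow CoinHive's public embed snippet; the function names, sample bodies, addresses and key are constructed for illustration.

```python
import re
from collections import defaultdict

# Patterns based on CoinHive's public embed snippet (assumption: the page
# itself does not show the injected markup).
LOADER_RE = re.compile(r'<script[^>]+src=["\'][^"\']*coinhive(?:\.min)?\.js', re.I)
KEY_RE = re.compile(r'CoinHive\.(?:Anonymous|User|Token)\(\s*["\']([A-Za-z0-9]+)["\']')

def find_site_keys(body):
    """Return the set of CoinHive site-keys referenced in an HTML body."""
    return set(KEY_RE.findall(body))

def is_injected(body):
    """True if the body loads the miner script or instantiates a miner."""
    return bool(LOADER_RE.search(body)) or bool(find_site_keys(body))

def cluster_by_key(responses):
    """Map site-key -> sorted hosts whose responses carried that key."""
    clusters = defaultdict(set)
    for host, body in responses:
        for key in find_site_keys(body):
            clusters[key].add(host)
    return {key: sorted(hosts) for key, hosts in clusters.items()}

def shared_keys(responses, min_hosts=2):
    """Site-keys seen on at least min_hosts hosts: a hint of one operator."""
    clusters = cluster_by_key(responses)
    return sorted(k for k, hosts in clusters.items() if len(hosts) >= min_hosts)

# Constructed sample data: (responding host, HTML body of an error page).
MINER = ('<script src="https://coinhive.com/lib/coinhive.min.js"></script>'
         '<script>var m = new CoinHive.Anonymous("CONSTRUCTEDKEY01"); m.start();</script>')
SAMPLE = [
    ("198.51.100.10", "<html><body><h1>Error</h1>" + MINER + "</body></html>"),
    ("198.51.100.23", "<html><body>Not found" + MINER + "</body></html>"),
    ("203.0.113.7", "<html><body>Bad gateway" + MINER + "</body></html>"),
    # Loader present but the key is not visible in plain text.
    ("203.0.113.99", '<html><script src="/lib/coinhive.min.js"></script></html>'),
    ("192.0.2.5", "<html><body><h1>404 Not Found</h1></body></html>"),
]

if __name__ == "__main__":
    for host, body in SAMPLE:
        print(host, "INJECTED" if is_injected(body) else "clean")
    print(cluster_by_key(SAMPLE))
```

A body that loads the script without a readable key is still flagged by `is_injected`, but it cannot be attributed to a key cluster.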
