Saturday, January 18, 2025
HomeDDOSMikroTik Shared a Mitigation to Secure Routers From Massive Mēris DDoS Botnet...

MikroTik Shared a Mitigation to Secure Routers From Massive Mēris DDoS Botnet Attack

Published on

SIEM as a Service

Follow Us on Google News

Over the summer the routers that are compromised by the massive Mēris DDoS botnet could be now cleaned, since MikroTik, the Latvian network equipment manufacturer has shared the proper guide and information to do so.

As in recent times, we witnessed that how Yandex was encountering a huge DDoS attack that was conducted by the Mēris botnet. And this attack was designated as the most extensive as well as the most complicated DDoS attack in history till now.

But, Yandex and Qrator Labs reported a large reserve on Habré, on which they have submitted all the key details regarding the attack, and they have also pronounced that what exactly happened during the attack. While the power of this extensive DDoS attack was more than 20 million requests per second.

Mitigation Measures

Here’s the list of mitigation measures shared by MikroTik for all its customers, so that they can secure their compromised routers:-

  • Always, keep your MikroTik device updated, with regular upgrades.
  • Do not open access to your device from the internet side to everyone, in case you require remote access, only open reliable VPN services.
  • Always prefer a strong password.
  • Always keep changing your password from time to time. 
  • Don’t trust your local networks, as malware can try to connect to your router in case you have a weak password or no password.
  • Examine your RouterOS configuration for unknown settings.

IoT botnet on steroids

After the investigation, it’s been clear that the Mēris botnet has been behind this attack, and not only this but the botnet was behind two record-breaking volumetric DDoS attacks this particular year.

However, the first attack was mitigated by Cloudflare in August, and it has been asserted that it has reached 17.2 million request-per-second (RPS). 

In the case of the second attack, it was peaked at an unparalleled rate of 21.8 million RPS while striking Russian internet giant Yandex servers earlier this month.

Apart from this, the Mēris is a botnet that is obtained from Mirai malware code, and now they are managing approximately 250,000 devices, and it includes most of the MikroTik network gateways and routers.

History of attacks on Yandex

Here’s the full botnet’s history of attacks on Yandex:-

  • 2021-08-07 – 5.2 million RPS
  • 2021-08-09 – 6.5 million RPS 
  • 2021-08-29 – 9.6 million RPS
  • 2021-08-31 – 10.9 million RPS
  • 2021-09-05 – 21.8 million RPS

Recommended configuration

The security analysts at MikroTik recommended some immediate and important configurations to the users, and here they are mentioned below:-

  • System -> Scheduler rules that administer a Fetch script. Remove these. 
  • IP -> Socks proxy. If you don’t apply this feature or don’t know what it does, you should disable it. 
  • L2TP client entitled “VPN” or any L2TP client that you don’t remember. 
  • Input firewall rule that enables access for port 5678. 

Moreover, MikroTik has attempted to reach all users of RouterOS regarding this, but there are many of them who have never been in touch with MikroTik and are not actively patrolling their devices.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Hackers Easily Bypass Active Directory Group Policy to Allow Vulnerable NTLMv1 Auth Protocol

Researchers have discovered a critical flaw in Active Directory’s NTLMv1 mitigation strategy, where misconfigured...

AWS Warns of Multiple Vulnerabilities in Amazon WorkSpaces, Amazon AppStream 2.0, & Amazon DCV

Amazon Web Services (AWS) has issued a critical security advisory highlighting vulnerabilities in specific...

FlowerStorm PaaS Platform Attacking Microsoft Users With Fake Login Pages

Rockstar2FA is a PaaS kit that mimics the legitimate credential-request behavior of cloud/SaaS platforms....

New Tool Unveiled to Scan Hacking Content on Telegram

A Russian software developer, aided by the National Technology Initiative, has introduced a groundbreaking...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

AIRASHI Botnet Exploiting 0-Day Vulnerabilities In Large Scale DDoS Attacks

AISURU botnet launched a DDoS attack targeting Black Myth: Wukong distribution platforms in August...

NTT Docomo Hit by DDoS Attack, Services Disrupted for 11 Hours

NTT Docomo, one of Japan’s leading telecommunications and IT service providers, experienced a massive...

Over 300,000 Prometheus Servers Vulnerable to DoS Attacks Due to RepoJacking Exploit

The research identified vulnerabilities in Prometheus, including information disclosure from exposed servers, DoS risks...