Monday, September 9, 2024
HomeDDOSMikroTik Shared a Mitigation to Secure Routers From Massive Mēris DDoS Botnet...

MikroTik Shared a Mitigation to Secure Routers From Massive Mēris DDoS Botnet Attack

Published on

Over the summer the routers that are compromised by the massive Mēris DDoS botnet could be now cleaned, since MikroTik, the Latvian network equipment manufacturer has shared the proper guide and information to do so.

As in recent times, we witnessed that how Yandex was encountering a huge DDoS attack that was conducted by the Mēris botnet. And this attack was designated as the most extensive as well as the most complicated DDoS attack in history till now.

But, Yandex and Qrator Labs reported a large reserve on Habré, on which they have submitted all the key details regarding the attack, and they have also pronounced that what exactly happened during the attack. While the power of this extensive DDoS attack was more than 20 million requests per second.

- Advertisement - EHA

Mitigation Measures

Here’s the list of mitigation measures shared by MikroTik for all its customers, so that they can secure their compromised routers:-

  • Always, keep your MikroTik device updated, with regular upgrades.
  • Do not open access to your device from the internet side to everyone, in case you require remote access, only open reliable VPN services.
  • Always prefer a strong password.
  • Always keep changing your password from time to time. 
  • Don’t trust your local networks, as malware can try to connect to your router in case you have a weak password or no password.
  • Examine your RouterOS configuration for unknown settings.

IoT botnet on steroids

After the investigation, it’s been clear that the Mēris botnet has been behind this attack, and not only this but the botnet was behind two record-breaking volumetric DDoS attacks this particular year.

However, the first attack was mitigated by Cloudflare in August, and it has been asserted that it has reached 17.2 million request-per-second (RPS). 

In the case of the second attack, it was peaked at an unparalleled rate of 21.8 million RPS while striking Russian internet giant Yandex servers earlier this month.

Apart from this, the Mēris is a botnet that is obtained from Mirai malware code, and now they are managing approximately 250,000 devices, and it includes most of the MikroTik network gateways and routers.

History of attacks on Yandex

Here’s the full botnet’s history of attacks on Yandex:-

  • 2021-08-07 – 5.2 million RPS
  • 2021-08-09 – 6.5 million RPS 
  • 2021-08-29 – 9.6 million RPS
  • 2021-08-31 – 10.9 million RPS
  • 2021-09-05 – 21.8 million RPS

Recommended configuration

The security analysts at MikroTik recommended some immediate and important configurations to the users, and here they are mentioned below:-

  • System -> Scheduler rules that administer a Fetch script. Remove these. 
  • IP -> Socks proxy. If you don’t apply this feature or don’t know what it does, you should disable it. 
  • L2TP client entitled “VPN” or any L2TP client that you don’t remember. 
  • Input firewall rule that enables access for port 5678. 

Moreover, MikroTik has attempted to reach all users of RouterOS regarding this, but there are many of them who have never been in touch with MikroTik and are not actively patrolling their devices.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Vulnerabilities in IBM Products Let Attackers Exploit & Launch DOS Attack

IBM has issued a security bulletin addressing critical vulnerabilities in its MQ Operator and...

BBTok Abuses Legitimate Windows Utility Command Tool to Stay Undetected

Cybercriminals in Latin America have increased their use of phishing scams targeting business transactions...

Predator Spyware Exploiting “one-click” & “zero-click” Flaws

Recent research indicates that the Predator spyware, once thought to be inactive due to...

Tropic Trooper Attacks Government Organizations to Steal Sensitive Data

Tropic Trooper (aka KeyBoy, Pirate Panda, and APT23) is a sophisticated cyberespionage APT group,...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

Researchers Detailed Russian Hacktivist/State Hackers Tactics

The People's Cyber Army of Russia is a Russian hacktivist group known for its...

MegaMedusa, Highly Scalable Web DDoS Attack Tool Used By Hacker Groups

RipperSec, a pro-Palestinian, pro-Muslim Malaysian hacktivist group, has rapidly grown since its Telegram inception...

Record Breaking DDoS Attack 419 TB of Malicious Traffic Within 24-Hours

A record-breaking Distributed Denial of Service (DDoS) attack unleashed 419 terabytes of malicious traffic...