Microsoft now tells you if your MikroTik router is infected

There are different security threats that can put our routers at risk and affect their proper functioning. One of the most dangerous in recent years is TrickBot. Now Microsoft has created a tool to scan MikroTik routers to find out if they are infected by this threat or not. It is one of the most used brands, so it is a very interesting solution for many users.

Detect if your router is affected by TrickBot

TrickBot is a security threat that has been very present in recent years. It is a botnet that is normally distributed through email using Phishing tactics or through other malware that has previously infected the victim. What it does from then on is connect to a server controlled by the attacker and allow it to send malicious payloads to the infected computer.

This threat has affected a wide variety of IoT devices and also routers. It makes that attacked computer act as a proxy between the device and the attackers' server. In recent times, attackers have used TrickBot to compromise MikroTik routers.

To access them, they mainly relied on using default credentials. For this reason, it is important that you always change the access data that comes from the factory when you buy a router. They can perform brute force attacks to gain control of devices. But they have also exploited vulnerabilities like CVE-2018-14847.

The problem is that there are hundreds of thousands of MikroTik routers that are still vulnerable. For this reason, Microsoft has launched a tool called routeros-scanner with which administrators can analyze devices of this brand to find out if they are infected with TrickBot or not and be able to take action as soon as possible.

Basically what the script does is find out the version of the device and whether or not it is vulnerable to a particular failure, check scheduled tasks, traffic redirection rules, DNS cache poisoning, change in default ports, suspicious files or proxies. This will help to know if that specific team is in danger.

 

 

How to protect MikroTik routers

The first thing you should do is make sure you have the latest version of the router. Security researchers recommend having RouterOS versions higher than 6.45.6. Always having updated devices is essential in order to be protected and avoid problems.

In addition, it is also important to change the default password on the router. It is essential that you use a new key, that it is strong and has everything necessary to make it very difficult to find out through the methods used by hackers, such as brute force.

Another tip suggested by security researchers is to block port 8291 from external access, as well as change the default SSH port, which is 22, to something else. One more recommendation is a VPN for remote access and restrict remote access to the router.

In short, as you have seen, Microsoft has launched a tool to check if a MikroTik router is affected by TrickBot. However, it is important that you follow a series of tips to prevent them from suffering some type of cyber attack.

 

Link: https://www.redeszone.net/noticias/seguridad/microsoft-herramienta-detectar-trickbot-mikrotik/