Posted on August 7, 2018 at 5:30 PM
A major crypto-mining hack is underway in Brazil, affecting more than 200,000 MikroTik routers. The hack has hit a massive number of routers, which is exactly why researchers and security experts everywhere are freaking out. They believe that this could be just the beginning of a large-scale operation.
The hack is spreading throughout MikroTik routers used in Brazil. The attack’s purpose is to set up a mining network for cryptocurrencies, which has proven to be quite lucrative in the past. Investigators are not sure if the attack is being carried out by an individual or by a network of cybercriminals.
Whoever is responsible is attacking a flaw that had already been patched. This attack has hit 200,000 MikroTik routers by running scripts on computers of unsuspecting victims to set up a crypto-mining network.
The attacker(s) are using Coinhive, a Monero (cryptocurrency) mining script. This particular script enables processing power to be pooled, which allows for more mining. Coinhive was initially used by charities but has proven to be just as useful to cyber thieves.
Worldwide Takeover
Trustwave researcher Simon Kenin has stated that although the attack has taken place in Brazil, there have been similar attacks throughout the world. One of those attacks occurred in Moldova, which is an inland country in Eastern Europe. The hack involved more than 25,000 routers provided by none other than MikroTik.
This makes thousands of researchers and consumers alike uncomfortable. The fact that the hackers are hitting MikroTik routers pushes experts to believe that the attacks could start happening worldwide.
Kenin is one of those people, stating
This type of hack is becoming more common for the simple fact that it tends to yield a larger payout. A typical miner would bring in a lot less money using ransomware, which yields a one-time payout for each computer. Hackers using Coinhive attack multiple computers at once, which takes more time but eventually leads to a worthwhile payout.
These hacks should serve as a good reminder to individuals and companies still using MikroTik routers to patch their devices as soon as possible. The patches, though, seem to be only a temporary fix to a seemingly permanent problem.
The vulnerability is found within the Winbox component of the MikroTik routers. It was first found in April of this year and was patched just one day after it was discovered. This goes to show just how often developers push out a product without proper safety protocols.