BF-SIRT Newsletter 2018-31

November 8, 2018 / in IT security / by johan_kan

Huge Cryptomining Attack on ISP-Grade Routers Spreads Globally

Carrier-grade MikroTik routers are delivering potentially millions of daily cryptomining pages to the attacker.

A massive hacking campaign has been uncovered, compromising tens of thousands of MikroTik routers to embed Coinhive scripts in websites using a known vulnerability.

So far, Censys.io has reported more than 170,000 active MikroTik devices infected with the Coinhive site-key used in this campaign (the site-key is the same across infections, indicating a single entity behind the attacks). The campaign is mainly targeting Brazil – but infections are growing internationally, according to Trustwave’s Secure Web Gateway (SWG) team, indicating much larger ambitions.

“This is a warning call and reminder to everyone who has a MikroTik device to patch as soon as possible,” Trustwave researcher Simon Kenin wrote in a posting today. “This attack may currently be prevalent in Brazil, but during the final stages of writing this blog, I also noticed other geo-locations being affected as well, so I believe this attack is intended to be on a global scale.”

Top 5 Security Links

How to defend yourself against SamSam ransomware
Backdoors keep appearing in Cisco’s routers
Reddit breach highlights limits of SMS-based authentication
Attacks on industrial enterprises using RMS and TeamViewer
Amnesty International targeted by nation-state spyware