Researchers have analyzed MikroTik SOHO and IoT devices, whose vulnerable state makes them both an easy target for malicious actors and, at the same time, complicated for organizations to manage.
MikroTik devices present an enticing set of traits from the perspective of an attacker. First of all, they are plentiful, with more than 2,000,000 devices deployed worldwide, and also particularly powerful and feature-rich devices. In addition to serving SOHO environments, MikroTik routers and wireless systems are regularly used by local ISPs. The same horsepower that can make MikroTik enticing to an ISP can also be enticing to an attacker.
MikroTik Routers Are Targeted by Hackers: More Details
The research team from Eclypsium started their analysis of MikroTik routers at the beginning of September this year. Building on previous analysis of how the cybercriminals behind TrickBot managed to use compromised routers as C2 infrastructure, the experts from Eclypsium published a report analyzing why MikroTik devices are so popular among hackers.
One of the reasons they highlight is that these devices come with default admin credentials, and even those used in enterprise environments lack default WAN port settings. The