Capable of launching record-breaking distributed denial-of-service (DDoS) attacks, the Mēris botnet has only been around for several months, but security researchers believe it already has more than 200,000 bots. Overall, however, more than 328,000 routers are potentially at risk. The vast majority of the vulnerable devices, security researchers have discovered, are MikroTik routers running various versions of RouterOS. Many of the devices apparently run a stable iteration prior to the last. According to MikroTik, the bots are in fact routers that were previously compromised in 2018, and which haven’t been properly secured, even if the patches released at the time were installed in a timely manner. “Unfortunately, closing the vulnerability does not immediately protect these routers. If somebody got your password in 2018, just an upgrade will not help. You must also change password, re-check your firewall if it does not allow remote access to unknown parties, and look for scripts that you did not create,” a MikroTik employee noted in a forum post. The company also underlines that the attacks don’t target a new, undisclosed vulnerability, and that users who applied the patches and also reset their passwords are protected.
Hundreds of thousands of routers are potentially at risk of being part of this botnet. If you have MikroTik router, it is highly recommended to apply the latest patches and reset your password.