It has come to our attention that a rogue botnet is currently scanning random public IP addresses to find open Winbox (8291) and WWW (80) ports, to exploit a vulnerability in the RouterOS www server that was patched more than a year ago (in RouterOS v6.38.5, March 2017).
Since all RouterOS devices offer free upgrades with just two clicks, we urge you to upgrade your devices with the “Check for updates” button, if you haven’t done so within the last year.
Chances are you have recently heard about Slingshot. A ZDNet article explains “Researchers at Kaspersky Lab have discovered espionage malware that appears to have been developed by a government to spy on targets across Africa and the Middle East for the past six years. The researchers haven’t named Slingshot’s country of origin, but note the presence of debug messages written in perfect English, while various component names such as Gollum and Smeagol suggest the authors are fans of The Hobbit. Slingshot reached targets using a compromised software update for routers made by Latvian firm MikroTik.”
So, do you need to be concerned? This email from Normunds at MikroTik explains the Slingshot malware attack and why you should or should not worry about it.
All RouterOS versions are safe if you use Winbox 3. Only the old Winbox v2 downloads DLL files from the router. Winbox v3 has been available since the year 2014.
Kaspersky said they have found a malicious DLL file that was loaded to the end user's Windows computer with Winbox from a MikroTik router. They said this is a targeted attack on specific organizations and this tool is not spreading itself.
1. Winbox no longer downloads any DLL files from the device, if you are using Winbox v3. Make sure to upgrade RouterOS and Winbox loader. It has been out for ~4 years.
2. As to how this DLL file got its way inside a MikroTik router in the first place, is unclear. Most likely this is related to a previously discovered vulnerability in the www service, which was patched in March 2017. Please note that devices affected were only those which did not have a firewall configured.
After the mentioned fixes, we have repeatedly increased RouterOS file system security and made additional internal mechanisms to prevent anything like this in the future. Please keep your devices up to date and configure a firewall (if you disabled the default one) to prevent any unauthorized IPs from accessing your router.
So, the bottom line is to use Winbox version 3, do a one-time upgrade to the current version of RouterOS and worry about something else like, “What’s for lunch?”.
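The two checks the notices above call for (RouterOS at or past v6.38.5, and Winbox/WWW not reachable from unauthorized addresses) can be run over a device inventory. This is an added example, not MikroTik's or the author's code; the inventory format, device names and version strings are constructed, and treating beta/rc builds as older than the final release of the same number is an assumption.

```python
import re

PATCHED = (6, 38, 5)        # fixed release named in the notice above
WATCHED_PORTS = {80, 8291}  # WWW and Winbox, the ports being scanned

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(?:(beta|rc)(\d+))?")

def parse_version(text):
    """Return (major, minor, patch, is_final) or raise ValueError."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised RouterOS version: {text!r}")
    major, minor, patch = int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)
    # Assumption: a beta/rc build sorts before the final release it precedes.
    return (major, minor, patch, 0 if m.group(4) else 1)

def is_patched(text):
    """True when the version is the final 6.38.5 release or anything newer."""
    return parse_version(text) >= PATCHED + (1,)

def audit(inventory):
    """Return (device, finding) pairs for devices that need attention."""
    findings = []
    for name, version, wan_ports in inventory:
        exposed = sorted(WATCHED_PORTS & set(wan_ports))
        try:
            patched = is_patched(version)
        except ValueError:
            findings.append((name, "unknown version, check manually"))
            continue
        if not patched and exposed:
            findings.append((name, f"upgrade now: pre-6.38.5 with {exposed} reachable"))
        elif not patched:
            findings.append((name, "upgrade: pre-6.38.5"))
        elif exposed:
            findings.append((name, f"restrict {exposed} in the firewall"))
    return findings

# Constructed inventory: (device, RouterOS version, TCP ports reachable from the internet)
SAMPLE = [
    ("edge-1", "6.37.1 (bugfix)", [80, 8291]),
    ("tower-2", "6.38.5rc3", []),
    ("office", "6.42rc12 (testing)", [8291]),
    ("core", "6.41.3 (stable)", []),
    ("lab", "n/a", [80]),
]

if __name__ == "__main__":
    for device, finding in audit(SAMPLE):
        print(f"{device}: {finding}")
```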
This year, 2018, marks my tenth year as a MikroTik trainer and I have been asked this question more times than I can count. Typically, the question is accompanied by the asker’s reasoning for asking it. Their reasoning is valid, so I would like to address these questions:
- “I am an owner or manager and I don’t actually log into routers so how could I benefit from training?”
- “I have been using MikroTik RouterOS for more than X years, and I use it on a daily basis so why would I need a certification?”
Owners or Managers
With respect to the owner or manager, I can tell you that attending training is one of the most important things you can do to improve your effectiveness as a manager and strategic planner. Formal training enables you to understand the capabilities of RouterOS at a deeper level, thereby enabling you to better direct your staff. Network expansion options, changes to architecture, new services for your customers: all of these are much clearer when you understand the capabilities of the product at a granular level. For the owner, this knowledge also facilitates your ability to hire the right technicians and to vet the resume of a potential hire. Finally, it is important not to overlook the opportunity to network with other owners and managers at one of the few events that attract people in exactly your same position. Networking creates new opportunities and new ideas you can incorporate into your business.
I have trained literally thousands of people, many of whom introduced themselves as having a level of knowledge adequate to “teach this class themselves”, and I always welcome these people with open arms for many reasons. First, I am always wearing two hats, trainer and student, because every day I learn something new myself. Technology changes so rapidly that I will never “know it all” or even a fraction of what is possible to learn on a daily basis. Secondly, teaching a group of twenty-something people by myself can be a challenge, so having some extra help during the labs is a benefit to me. Thirdly, I always say “I never learned so much about a subject until I started teaching it” and the same is true for the seasoned technician involved in formal training. Although you may have a good foundation, often based on self-paced learning, imparting that knowledge to others makes it grow and progress at a pace far faster than otherwise possible working on your own. Finally, the most common feedback I get from an experienced person in my classes is that they learned many new ways to do things they had been doing for years “the hard way”. Standardized training teaches the most optimal way to perform essential tasks using best practices. This makes your job easier and makes you more efficient.
Finally, I always make it a practice to make myself available to speak with every student who leaves my classroom on the last day of training to get this important feedback, and I can say with great confidence that I do not know of a single person, regardless of experience level, who didn’t get something important from the class. That doesn’t speak so much of my ability to teach as it does to the value of formal training.
So, how can you benefit from formal training and when is the next opportunity? Check our training calendar at https://mywisptraining.com and get signed up. I hope to see you in class soon.