Since the summer, cybercriminals across the globe have made MikroTik routers a permanent base for infecting users with crypto-jacking malware. Because of their fondness for infecting the Latvian-made network routers, the number of affected routers has doubled from a mere 280,000 in September to 415,000 now.
According to security researcher VriesHd, the infected routers are put to work mining virtual currencies for the cybercriminals. VriesHd has been closely tracking the malware infection since August, and his report is consistent with that of his counterparts at Bad Packets Report. At that time there were 200,000 infected routers, but the attacks have since doubled. The figures consist of IP addresses that were infected with crypto-jacking scripts. According to the researchers, however, the figures might be slightly off.
Attackers shift from CoinHive
In their previous attacks the cybercriminals used CoinHive mining software to infect many of the routers, but recently they have changed tactics and have been using Omine mining software. CoinHive is Monero mining software. Besides these two miners, cybercriminals are also using CoinImp. CoinHive was the main mining software used, and according to Palo Alto Networks, 5% of the Monero in circulation comes from crypto-jacking. Palo Alto Networks is a network and security firm from California.
While the majority of infected routers were in Brazil, the crypto-jacking activity has spread to India, Iran and Indonesia. According to a cybersecurity firm based in Iran, Brazil was hard hit with 81,000 cases recorded, followed by India with 29,000 cases, while Indonesia and Iran itself had 23,000 and 11,000 cases respectively. Moreover, according to a report from Bloomberg, crypto-jacking incidents increased this year by 500% after cybercriminals stole code from the US National Security Agency (NSA). Armed with the code, they were able to push malware and were targeting Microsoft systems.
Solutions in Place
Although cybercriminals have already infected these MikroTik routers, Troy Mursch, a security expert from Bad Packets, urges victims of these attacks to upgrade their router firmware. The latest updates from MikroTik can help them protect themselves from such attacks. Besides users updating their routers' firmware, internet service providers can assist by pushing over-the-air updates that automatically update the firmware. According to Mursch, MikroTik had already released a patch some time back, and it has been available for quite some time. Those who updated their router's firmware were no longer affected. For the rest, the malware continued mining crypto for hackers.