Mēris Botnet Mitigation Measures Shared by MikroTik
Use Strong Passwords, VPN Services for Remote Access, Check RouterOS for Unknown Settings and Many More.
Last updated on September 16, 2021
MikroTik, the Latvia-based manufacturer of network equipment, shared in yesterday’s blog post a set of mitigation measures against the Mēris botnet. Customers can use these measures to secure their compromised routers.
Mēris Botnet: a Little Background
As my colleague Dora wrote on the 10th of September, Mēris is a DDoS botnet that has been targeting the Russian company Yandex for some time; its attack peaked at 21.8 million requests per second, an all-time high for cyberattacks on the Russian Internet.
DDoS stands for Distributed Denial-of-Service, a topic my colleague Elena covered in a well-documented article. Simply put, in this kind of attack the attacker sends a flood of requests to a web resource, for example a company’s website, with the aim of exceeding that resource’s capacity to handle requests, since every website can serve only a limited number of them. Eventually, this leads to the website no longer functioning properly.
Before the attack on Yandex, Cloudflare had also mitigated another one in August that reached no less than 17.2 million requests per second (RPS).
Mēris Botnet Mitigation Measures
In a blog post released yesterday, MikroTik shared a set of Mēris botnet mitigation measures intended to remove the botnet from compromised gateways.
In 2018, MikroTik RouterOS was affected by the vulnerability CVE-2018-14847. MikroTik’s team said in their blog post that the new 2021 wave of DDoS attacks involving the Mēris botnet used the same routers that were compromised in 2018. The problem is that if attackers obtained a router’s password in 2018, a mere upgrade is not enough, even though CVE-2018-14847 has long been patched.
Unfortunately, closing the vulnerability does not immediately protect these routers. If somebody got your password in 2018, just an upgrade will not help. You must also change the password, re-check your firewall if it does not allow remote access to unknown parties, and look for scripts that you did not create.
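The steps MikroTik describes (change the password, re-check the firewall for remote access, look for scripts you did not create, keep RouterOS updated) can be walked through from the router's own terminal. The following RouterOS CLI checklist is an added example written for this article; it is not from MikroTik's blog post. The account name `admin`, the management subnet `192.168.88.0/24` and the rule comments are assumed placeholders to be replaced with your own values, and the SOCKS proxy check is an extra "unknown settings" item not named on this page.

```routeros
# Added RouterOS audit checklist (not from the MikroTik post). Run from the
# router terminal (Winbox/WebFig "Terminal" or SSH). Read-only "print" checks
# come first, then the hardening steps MikroTik describes.
# ASSUMED placeholders: account "admin", management subnet 192.168.88.0/24.

# 1. Look for scripts and scheduler entries you did not create
/system script print detail
/system scheduler print detail

# 2. Look for other settings you did not configure: extra user accounts,
#    an enabled SOCKS proxy, and remote-access services open to everyone
/user print
/ip socks print
/ip service print

# 3. Change the password on every account, starting with the admin account
/user set admin password="<new strong password>"

# 4. Re-check the firewall: management only from your own network
#    (ASSUMED subnet 192.168.88.0/24); unused services disabled;
#    everything else arriving on the router's input chain dropped
/ip service set winbox,ssh,www,api,api-ssl address=192.168.88.0/24
/ip service disable telnet,ftp
/ip firewall filter add chain=input connection-state=established,related action=accept comment="keep existing sessions"
/ip firewall filter add chain=input src-address=192.168.88.0/24 action=accept comment="management from LAN"
/ip firewall filter add chain=input action=drop comment="drop all other input"

# 5. Make sure RouterOS itself is current
/system package update check-for-updates
/system package update install
```

Two points to keep in mind when using this: `/ip firewall filter add` appends rules at the end of the chain, so on a router that already has filter rules, check `/ip firewall filter print` and use `place-before=` to put the accept rules ahead of any existing drop rule; and if you administer the router from outside the LAN, reach it through a VPN (as the subtitle of this article recommends) rather than by opening the management services to the internet.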
Hi! My name is Andra and I am a passionate writer interested in a variety of topics. I am curious about the cybersecurity world and what I want to achieve through what I write is to keep you curious too!