Exposed Mikrotik RouterOS in Indonesia: A Wake-Up Call for Stronger Network Security Measures

On March 18th, 2023, the Cyber Defense Insight team conducted research on the usage of Mikrotik RouterOS that were exposed to the public, with Indonesia being one of the sampled countries. In this study, we discovered a total of 7,779 exposed Mikrotik RouterOS, with the top 10 being located in Jakarta, Surabaya, Pontianak, Banten, Bandung, Yogyakarta, Sidoarjo, Batam, Malang, and Medan.

TOP 10 Cities in Indonesia where Mikrotik RouterOS is exposed

While users may feel safe due to the presence of a login page that can protect their systems, our team found that the version they are using is outdated and not the current version (7.8 Stable). Several versions we found were also affected by CVE-2019-3924, which could allow a remote unauthenticated attacker to proxy traffic through RouterOS via probes sent to the agent binary.

TOP 10 Mikrotik exposed version 

Based on our findings, this poses a potential risk for future attacks and can disrupt the operations of affected companies. We recommend limiting public access to internal network devices by making access restricted to local only.

In addition to this recommendation, it is also crucial to keep your RouterOS updated regularly to the latest stable version. Regular updates can fix known vulnerabilities and protect your system from potential threats. It is also crucial to have a strong and secure password to protect your login page and ensure that only authorized personnel can access the system.

Furthermore, companies should consider implementing security measures such as firewalls, intrusion detection systems, and regular security audits to detect and prevent potential threats. It is also essential to train employees on proper security practices and educate them on how to identify and report potential security incidents.

In conclusion, the findings from our research highlight the importance of securing network devices, especially those exposed to the public. By following our recommendations and implementing strong security measures, companies can protect their operations and prevent potential attacks.