According to a report by Netlab 360’s Genshen Ye, more than 7,500 of them are actively being spied on by attackers, who are actively forwarding full captures of their network traffic to a number of remote servers. Additionally, 239,000 of the devices have been turned into SOCKS 4 proxies accessible from a single, small Internet address block.
MikroTik provides routing and wireless hardware for Internet service providers and businesses worldwide, including ISP and campus network infrastructure such as outdoor fiber routers and wireless backbones. The vulnerable routers discovered by Netlab 360, still configured with an unpatched interface for the company’s Winbox router configuration utility, are widely distributed—but the largest concentrations of affected networks were in Brazil and Russia. There were 14,000 devices identified operating using US-based IP addresses.
I’ve been very happy with the security features of Ubiquiti’s UniFi line of prosumer-grade network gear, which came recommended to me by an IT friend.