Attackers are increasingly targeting the very perimeter devices—firewalls, routers, IPS solutions—meant to stand guard at the network’s edge. Unfortunately, many vendors can only flag malicious flows, rather than proactively blocking them at their source. At ThreatSTOP, we believe that any solution worth its salt must do more than filter traffic; it has to actively protect your critical infrastructure.

That’s where ThreatSTOP IP Defense comes in. By centrally managing and automating Access Control Lists (ACLs) on your firewalls, routers, and other IP-based systems, we make sure known malicious IPs never even reach your network—rather than merely watching them pass by. Below are a few real-world examples that emphasize just how crucial true perimeter protection is.

 

Cyberattacks on Routers and Firewalls: Notable Incidents

MikroTik Router Cryptojacking Campaign (2018)

A massive cryptojacking attack compromised over 200,000 MikroTik routers to inject a Coinhive cryptocurrency miner into users’ web traffic. Attackers exploited an unauthenticated remote vulnerability in the Winbox management service (RouterOS) to gain admin access and modify web proxy settings. Initially impacting devices in Brazil, the campaign soon became a global issue. By creating persistent backdoors, the attackers demonstrated the dangers of unpatched firmware and the urgent need for robust security measures.

For more details, see:

Trustwave SpiderLabs Blog: Impatient Cryptominers – Massive Cryptojacking Campaign Targeting MikroTik Routers in Brazil

 

“Slingshot” APT via MikroTik Routers (2012–2018)

First uncovered by Kaspersky, Slingshot was a covert espionage operation that used compromised MikroTik routers to deliver a malicious DLL to administrators’ Windows PCs. When admins connected via the Winbox tool, the router secretly installed a sophisticated spyware toolkit on their machines. Operating undetected for years, Slingshot underscored how attackers can leverage perimeter devices as stealthy footholds into deeper network resources.

Read more about this discovery:

Kaspersky Securelist Blog: Slingshot – Hunting for Pegasus in the Network Jungle

 

How ThreatSTOP IP Defense Takes It Further

These high-profile router compromises highlight a critical truth: filtering alone can’t keep up with attackers targeting perimeter devices. Our IP Defense solution stands apart by:

1. Automating Threat Intelligence: We continuously update your ACLs with real-time malicious IP data derived from our ThreatSTOP Security, Intelligence, and Research team, ensuring attackers are locked out before they exploit your hardware.

2. Integrating at the Device Level: Instead of a mere traffic filter, IP Defense fully integrates into your firewall, router, or IPS system, strengthening the built-in ACL mechanism to preemptively block unwanted connections.

3. Protecting in Any Environment: From on-premises gear to cloud infrastructure, IP Defense seamlessly extends to wherever you need it, including firewalls, routers, IPS appliances, or even AWS WAF.

4. Complementing Protective DNS: While DNS Defense and DNS Defense Cloud protect your domain name system, IP Defense covers the IP layer. This dual-layered strategy gives you a unified stance against evolving threats.

 

Ready to Experience True Perimeter Protection?

For those interested in joining the ThreatSTOP family, or to learn more about our proactive protections for all environments, we invite you to visit our product page. Discover how our solutions can make a significant difference in your digital security landscape. We have pricing for all sizes of customers! Get started with a Demo today!

Connect with Customers, Disconnect from Risks