The flaw affects OpenSSL versions 1.0.2, 1.1.1, and 3.0, all of which have been patched. OpenSSL is a core component of Unix and Linux-based systems and is also bundled into software applications that run on Windows.
Owners of the globally popular and cheap MikroTik brand of home routers were inadvertently involved in an attempt to take down Russian search engine giant Yandex in September, when the MikroTik-based Mēris botnet was used in a record-breaking DDoS attack.
The attacks appear to be directed through a massive botnet of 20,000 IoT devices, with a disproportionate number of devices, more than a combined 30 percent, located in Indonesia and Brazil.