Check for a high volume of outgoing connections to unknown IPs—a sign of botnet activity.
The following versions of Mikrotik RouterOS are affected by this vulnerability: mikrotik routeros authentication bypass vulnerability
A side-channel vulnerability in Winbox that allows attackers to confirm valid usernames via response size discrepancies, facilitating brute-force attacks. Check for a high volume of outgoing connections