I spotted brute-forcing while checking out NMS syslogs. I did not notice the original issue as this was on a private rb, but once the hacker gained access to Toady's rb he scanned wug routers.
The surefire way to see if your router is at risk for this sort of thing is if your logs look like this:
These are failures from internet IPs. It's clear how they are trying various usernames and probably passwords too. So if one of your passwords has been used by someone else or your password was part of a password dump from some other website, you are at risk. Toady's password was not great but not super simple either.
The other issue is leaving ports open to the internet. Usually we always NAT our internet (so our stuff behind the network is less at risk) but we often forget that our routers are on the internet. Mikrotiks come with a clean slate and therefore do not have the usual firewalls a consumer device might have.
I'd suggest that if you have internet on a Mikrotik or similar device that you drop all traffic on the input chain from the internet interface. Be careful when adding this rule as you can quite easily lock yourself out of your rb. Make sure you only block the internet interface (and not the LAN side you are connecting from).
Then only open ports that you require to be open (or NAT those that you need to the relevant PC inside your network).
This is also why your passwords should be secure both on and off the wug.
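
The input-chain rules suggested above could look like the following on RouterOS. This is an added example, not part of the original post; the interface name `ether1-wan`, the address `192.168.88.10` and port 443 are assumptions to replace with your own values.

```routeros
# Added example. Assumption: the internet-facing interface is named "ether1-wan";
# check the real name with "/interface print" before using these rules.
# Enter Safe Mode (Ctrl+X in the terminal) first, so the changes are rolled
# back automatically if the rule cuts off your own session.

/ip firewall filter
# Keep replies to connections the router itself started (DNS, NTP, updates).
add chain=input connection-state=established,related action=accept \
    comment="allow replies to router-initiated traffic"
# Discard packets that connection tracking marks as invalid.
add chain=input connection-state=invalid action=drop comment="drop invalid"
# Drop everything else arriving on the internet interface only.
# The LAN side is not matched, so management from inside keeps working.
add chain=input in-interface=ether1-wan action=drop \
    comment="drop all other input from the internet"

# A service that must be reachable from outside is forwarded to the PC that
# hosts it (constructed values). Forwarded traffic passes through the forward
# chain, so the input drop above does not affect it.
/ip firewall nat
add chain=dstnat in-interface=ether1-wan protocol=tcp dst-port=443 \
    action=dst-nat to-addresses=192.168.88.10 to-ports=443 \
    comment="example: publish one internal service"
```

Rules are evaluated top to bottom, so the accept rule for established connections has to sit above the final drop; confirm the order with `/ip firewall filter print` before leaving Safe Mode.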