I have CCR routerboard since last 2days attackers were able to change DNS settings on Mikrotik router via api interface, so the clients were directed to attacker's servers, as you can no doubt of guess SSL secured services immediately warned about certificate issue on clients' browsers. DNS was the only setting that was changed, so we did not have any other issue, changed to DNS servers.

192.200.110.108 > is set as DNS server by the attacker.

Upgrade ROS to latest version, do not allow access to the router from public networks.

Read this thread: viewtopic.php?f=2&t=134793

Make sure that external attackers have no access to your router.
Do this by setting up a proper ip->firewall->filter input chain.
Only trusted networks should have access to your router.

Why was api service enabled?