
Network Management Services Blog

Your Router Can Host Some Pretty Nasty Malware


Hundreds of millions of people use wireless Internet connections every day, and hackers have taken that as a challenge: they are now developing malware that targets people through their routers. Security researchers at Kaspersky Lab recently discovered one such piece of malware, named Slingshot. Its code is designed to spy on PCs through a multi-layer attack that targets MikroTik routers. Today we take a look at Slingshot and other router-based malware, and at what you can do about it.

Slingshot
Slingshot works by replacing a library file with a malicious version that downloads more malicious components and eventually launches a two-front attack on the computers connected to the router. The first front runs low-level kernel code that gives an intruder free rein over a system, while the other works at the user level and includes code to manage the file system and keep the malware alive.

It is a very intricate attack that calls the nefarious code in from an encrypted virtual file system and manages to do so without crashing the host system. That feat was not lost on the security experts at Kaspersky Lab, who deemed it a state-sponsored attack because of its overall quality and the complexity of its components. Reports suggest that the malware can steal basically whatever it wants, including keystrokes, passwords, screenshots, and information about network usage and traffic.

MikroTik has announced that it has patched the vulnerability on versions of its routing firmware, but concerns remain, as no one is sure whether other router manufacturers have been affected. If they have, Slingshot could be a much larger problem than is currently believed.

Other Instances
Slingshot isn’t the first instance of a router turning on its owner. Traditionally, router security is known to be largely unreliable. Much of this is on the manufacturers, which have been known to build many different products without a strategy in place to keep them working with up-to-date security. It is also up to users to keep their router’s firmware up to date, something that is very easy to lose track of. Plus, some routers make firmware updates time-consuming and difficult.

To attack the network, hackers seek to change the DNS server setting on your router. When you try to connect to a secure website, the malicious DNS server tells you to go to an elaborately constructed phishing site instead. Because the attacker spoofs the domain and reroutes you to a website built specifically to take advantage of you, you have very little chance of warding off the attack before it’s too late.

Hackers have also been known to inject all types of user hindrances, such as trying to perform drive-by downloads or inundating users with advertisements. Many attacks use cross-site request forgery (CSRF), in which a malicious actor creates a rogue piece of JavaScript that repeatedly tries to load the router’s web-admin page and change the router’s settings.

What to Do If This Happens to You
The first thing you should do is ascertain whether your router has been compromised. You can do this in several ways, but the most telling sign is that your DNS server has been changed. To check, access your router's web-based setup page and, once in, visit the Internet connection screen. If your DNS setting is set to automatic, you are in the clear. If it’s set to “manual”, however, there will be custom DNS servers entered in the space. Many times, this is the first sign of a problem.
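The same DNS check can be repeated from a computer on the network. The following is an added example, not part of the original article: it reads resolv.conf-style text and flags any resolver that is neither on the LAN nor on an expected list. The LAN range, the expected resolver and both sample files are constructed assumptions; a computer that lists only the router as its resolver still needs the router-page check described above.

```python
import ipaddress

# Constructed samples: 192.168.88.0/24 stands in for the home LAN,
# 198.51.100.10 for the ISP resolver, 203.0.113.53 for a rogue server.
LAN = "192.168.88.0/24"
EXPECTED = {"198.51.100.10"}
CLEAN = "# set by DHCP\nnameserver 192.168.88.1\nnameserver 198.51.100.10\n"
HIJACKED = "nameserver 203.0.113.53\nnameserver 192.168.88.1\n"

def parse_nameservers(text):
    """Extract nameserver entries from resolv.conf-style text."""
    servers = []
    for raw in text.splitlines():
        parts = raw.split()
        # Blank lines, comments (# or ;) and other directives never match.
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1].split("%", 1)[0])  # drop IPv6 zone id
    return servers

def audit_resolvers(text, lan_cidr=LAN, expected=EXPECTED):
    """Classify each resolver as ok-lan, ok-expected, unexpected or malformed."""
    lan = ipaddress.ip_network(lan_cidr)
    allowed = {ipaddress.ip_address(e) for e in expected}
    results = []
    for server in parse_nameservers(text):
        try:
            ip = ipaddress.ip_address(server)
        except ValueError:
            results.append((server, "malformed"))
            continue
        if ip in lan or ip.is_loopback:
            # A router or local stub resolver: its own upstream is not visible here.
            results.append((server, "ok-lan"))
        elif ip in allowed:
            results.append((server, "ok-expected"))
        else:
            results.append((server, "unexpected"))
    return results

def is_suspicious(text, lan_cidr=LAN, expected=EXPECTED):
    """True if no resolver is configured or any entry needs a closer look."""
    results = audit_resolvers(text, lan_cidr, expected)
    return not results or any(v in ("unexpected", "malformed") for _, v in results)

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("hijacked", HIJACKED)):
        print(name, audit_resolvers(sample), "suspicious:", is_suspicious(sample))
```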

If you have been compromised, ensuring your router is set up to your manufacturer’s specifications will help you mitigate damage. To guard against this happening to you, you should always:

  • Install firmware updates: Making sure your router’s firmware is updated to the latest version will definitely help.
  • Disable remote access: Stop remote access to secure against anyone changing settings on your networking equipment.
  • Turn off UPnP: Universal Plug and Play can be very convenient, but because it is designed to universally trust all requests, any malware on the network could affect your router through it.
  • Change credentials: Changing your passwords is a simple way of keeping unwanted entities out of your router.

For more information about network and cybersecurity, the expert technicians at Network Management Services are accessible and ready to help you keep your network and infrastructure secure. For help, call us at (707) 268-8850.

Monday, October 15 2018
