
Network Management Services Blog

Your Router Can Host Some Pretty Nasty Malware


Hundreds of millions of people use wireless Internet connections every day, and hackers are taking that as a challenge. They are now starting to develop malware that targets people through their routers. Recently, security researchers at Kaspersky Lab discovered malware named Slingshot. The code is designed to spy on PCs through a multi-layer attack that targets MikroTik routers. Today we take a look at Slingshot and other router-based malware, and at what you can do about it.

Slingshot works by replacing a library file with a malicious version that downloads more malicious components and then eventually launches a two-front attack on the computers connected to it. The first one runs low-level kernel code that gives an intruder free rein of a system, while the other focuses on the user level and includes code to manage the file system and keep the malware alive.

It is a very intricate attack that calls the nefarious code in from an encrypted virtual file system and manages to do so without crashing the host system. That feat was not lost on the security experts at Kaspersky Lab, who deemed it a state-sponsored attack because of the quality of the overall attack and the complexity of its components. Reports suggest that the malware can basically steal whatever it wants, including keyboard strokes, passwords, screenshots, and information about network usage and traffic.

MikroTik has announced that they have patched the vulnerability on versions of their routing firmware, but concerns remain as no one is sure if other router manufacturers have been affected. If they have, Slingshot could be a much larger problem than is currently believed.

Other Instances
Slingshot isn’t the first instance of a router turning on its owner. Traditionally, router security is known to be largely unreliable. Much of this is on the manufacturers, which have been known to build many different products without having a strategy in place to keep them working with up-to-date security. It is also up to the user to keep their router’s firmware up to date, something that is very easy to lose track of. Plus, some routers make firmware updates time-consuming and difficult.

To attack the network, hackers seek to change the DNS server setting on your router. When you try to connect to a secure website, the malicious DNS server tells you to go to an elaborately constructed phishing site instead. Because the domain is spoofed and you are rerouted to a website that is specifically constructed to take advantage of you, you have very little chance of warding off the attack before it’s too late.

Hackers have also been known to inject all types of user hindrances, such as attempting drive-by downloads or inundating users with advertisements. Many attacks make use of cross-site request forgery (CSRF), where a malicious actor creates a rogue piece of JavaScript that repeatedly tries to load the router’s web-admin page and change the router’s settings.

What to Do If This Happens to You
The first thing you should do is work to ascertain if your router has been compromised. There are several signs, but the most telling is that your DNS server has been changed. To check, access your router's web-based setup page and visit the Internet connection screen. If your DNS setting is set to automatic, you are in the clear. If it’s set to “manual”, however, there will be custom DNS servers entered in the space. Many times, this is the first sign of a problem.
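The same check can be run from a computer behind the router. The following Python sketch is an added example, not part of the original article: it assumes a Unix-style resolv.conf, and the LAN range and expected resolver addresses are placeholders from documentation ranges that you would replace with your own.

```python
import ipaddress

# Constructed sample: resolver settings a PC received from the router via DHCP.
SAMPLE_RESOLV_CONF = """\
# Generated by DHCP client (constructed sample)
search lan
nameserver 192.168.1.1
nameserver 203.0.113.53
nameserver 2001:db8::53
"""

# Assumption: the upstream resolvers you expect (your ISP's or ones you chose).
EXPECTED_RESOLVERS = {"198.51.100.10", "2001:db8::53"}


def parse_nameservers(text):
    """Return the IP addresses on 'nameserver' lines, skipping comments."""
    servers = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                # Drop an IPv6 zone suffix such as %eth0 before parsing.
                servers.append(ipaddress.ip_address(parts[1].split("%")[0]))
            except ValueError:
                continue  # malformed entry: nothing to classify
    return servers


def audit_resolvers(text, expected, lan="192.168.1.0/24"):
    """Label each configured resolver as expected, router-forwarder or unexpected."""
    lan_net = ipaddress.ip_network(lan)
    allowed = {ipaddress.ip_address(addr) for addr in expected}
    report = []
    for ip in parse_nameservers(text):
        if ip in allowed:
            verdict = "expected"
        elif ip.version == lan_net.version and ip in lan_net:
            verdict = "router-forwarder"  # the router answers DNS itself
        else:
            verdict = "unexpected"  # compare with the router's DNS screen
        report.append((str(ip), verdict))
    return report


if __name__ == "__main__":
    for address, verdict in audit_resolvers(SAMPLE_RESOLV_CONF, EXPECTED_RESOLVERS):
        print(f"{address:<16} {verdict}")
```

A "router-forwarder" result only shows that the PC asks the router; the router's own upstream DNS setting still has to be checked on its setup page as described above.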

If you have been compromised, ensuring your router is set up to your manufacturer’s specifications will help you mitigate damage. To guard against this happening to you, you should always:

  • Install firmware updates: Making sure your router’s firmware is updated to the latest version will definitely help.
  • Disable remote access: Stop remote access to secure against anyone changing settings on your networking equipment.
  • Turn off UPnP: Plug and play can be very convenient, but because UPnP is designed to universally trust all requests, your router could be affected through it if there is any malware on the network.
  • Change credentials: Changing your passwords is a simple way of keeping unwanted entities out of your router.

For more information about network and cybersecurity, the expert technicians at Network Management Services are accessible and ready to help you keep your network and infrastructure secure. For help, call us at (707) 268-8850.

Tuesday, December 18 2018
