(707) 268-8850    Get SUPPORT

Network Management Services Blog

Network Management Services has been serving the Eureka area since 1995, providing IT Support including technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Your Router Can Host Some Pretty Nasty Malware

Your Router Can Host Some Pretty Nasty Malware

Hundreds of millions of people use wireless Internet connections every day, and as a result, hackers are taking that as a challenge. They are now starting to develop malware that targets people through their routers. Recently, security researchers at Kaspersky Lab have discovered the malware named Slingshot. The code is designed to spy on PCs through a multi-layer attack that targets MikroTik routers. Today we take a look at Slingshot, and other router-based malware and what you can do about it.

Slingshot
Slingshot works by replacing a library file with a malicious version that downloads more malicious components and then eventually launches a two-front attack on the computers connected to it. The first one runs low-level kernel code that gives an intruder free rein of a system, while the other focuses on the user level and includes code to manage the file system and keep the malware alive.

It is a very intricate attack that calls the nefarious code in from an encrypted virtual file system; managing to do so without crashing the host system, a feat not lost on the security experts at Kaspersky Lab, who deemed it a state-sponsored attack because of the quality of the overall attack and the complexity of its components. Reports suggest that the malware can basically steal whatever it wants, including keyboard strokes, passwords, screenshots, and information about network usage and traffic.

MikroTik has announced that they have patched the vulnerability on versions of their routing firmware, but concerns remain as no one is sure if other router manufacturers have been affected. If that were to come to fruition, Slingshot could be a much larger problem than is currently believed.

Other Instances
Slingshot isn’t the first instance of a router turning on its owner. Traditionally, router security is known to be largely unreliable. Much of this is on the manufacturers, which have been known to build many different products without having a strategy in place to keep them working with up-to-date security. It is also up to the user to keep their router’s firmware up-to-date - something that is very easy to not keep top-of-mind. Plus, some routers make firmware updates time-consuming and difficult.

To attack the network, hackers seek to change the DNS server setting on your router. When you try to connect to a secure website, the malicious DNS server tells you to go to an elaborately constructed phishing site instead. By spoofing the domain and rerouting you to a website that is specifically constructed to take advantage of you, you have very little chance of warding off the attack before it’s too late.

Hackers have also been known to inject all types of user hindrances such trying to perform drive-by downloads, or inundating users with advertisements. Many attacks make use of cross-site request forgery attacks where a malicious actor creates a rogue piece of JavaScript that repeatedly tries to load the router’s web-admin page and change the router’s settings.

What to Do If This Happens to You
The first thing you should do is work to ascertain if your router has been compromised. You can do this in several ways, but the most telling is that your DNS server has been changed. You’ll have to access your router's web-based setup page. Once in, you have to visit the Internet connection screen. If your DNS setting is set to automatic, you are in the clear. If it’s set to “manual”, however, there will be custom DNS servers entered in the space. Many times, this is the first sign of a problem.

If you have been compromised, ensuring your router is set up to your manufacturer’s specifications will help you mitigate damage. To ward against this happening to you, you should always:

  • Install firmware updates: Making sure your router’s firmware is updated to the latest version will definitely help.
  • Disable remote access: Stop remote access to secure against anyone changing settings on your networking equipment.
  • Turn off UPnP: Plug and play can be very convenient, but your router could be affected through UPnP if there is any malware on the network since it is designed to universally trust all requests.
  • Change credentials: Changing your passwords are a simple way of keeping unwanted entities out of your router.

For more information about network and cybersecurity, the expert technicians at Network Management Services are accessible and ready to help you keep your network and infrastructure secure. For help, call us at (707) 268-8850.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Monday, June 25 2018

Captcha Image

Mobile? Grab this Article!

QR-Code dieser Seite

Tag Cloud

Tip of the Week Security Technology Cloud Best Practices Network Security Business Computing Managed IT Services Privacy Malware Hackers Backup Google VoIP Hosted Solutions Email Data Backup Outsourced IT IT Support Mobile Devices Data Recovery Microsoft Software Internet of Things Innovation Internet Cloud Computing Business Continuity Saving Money Ransomware Data Small Business Business Cybercrime Efficiency Communications Disaster Recovery Cybersecurity Android BDR IT Services Tech Term Hardware Computers Smartphone Browser Avoiding Downtime User Tips How To Server Communication Alert Artificial Intelligence Smartphones Managed IT Two-factor Authentication Business Management Money Router Chrome Phishing BYOD Social Engineering Data Security Data Protection Vulnerability Mobility Managed IT Services Collaboration Windows Law Enforcement Business Intelligence Mobile Device Management Proactive IT Telephone Systems Identity Theft Budget Word Gadgets Upgrade Virtualization Social Media Bandwidth Redundancy Flexibility Network Computer Passwords VPN Managed Service Provider Compliance Document Management Private Cloud Connectivity Firewall Office 365 Remote Monitoring Productivity Save Money Spam Windows 10 Operating System App Smart Tech OneNote IT Management Content Management Bring Your Own Device Windows 7 IT Plan Information Technology Apps Credit Cards Work/Life Balance Automation Productivity Unsupported Software Big Data Servers Employer-Employee Relationship Infrastructure Miscellaneous Data Breach Windows 10 Spam Blocking Value Data loss Solid State Drive Wi-Fi Networking Comparison Holiday Hacking Business Owner Analysis Physical Security Update Government Workers Quick Tips Google Drive Data Storage Website Facebook Public Cloud Data storage Content Filtering Office Tips Mobile Device CES Remote Work Electronic Medical Records Windows Server 2008 iPhone Network Congestion Paperless Office History Unified Communications Professional Services Black Market PDF Streaming Media Multi-Factor Security Data Management Password IT Consultant Students Theft Unified Threat Management Insurance Tools Keyboard Office Blockchain Safety Content Filter Trending Emergency The Internet of Things Human Resources Regulations Leadership Healthcare User Error Hiring/Firing Netflix Google Apps Cleaning Practices Downtime Education Relocation Storage Lifestyle Patch Management Electronic Health Records Fraud Staff Health Settings Computer Care Hosted Computing Botnet Root Cause Analysis Scam Software Tips Applications Humor Mobile Computing webinar Machine Learning Amazon Digital Signature Flash HaaS Files Internet Exlporer Reputation Password Manager Samsung Inventory Travel Meetings Addiction Conferencing YouTube Amazon Web Services Encryption Entertainment End of Support Customer Business Mangement Access Control USB Workplace Tips HBO Cache IT Support Online Shopping Strategy Sync Internet exploMicrosoft Cortana Windows 10s Gmail Authentication Software as a Service Screen Mirroring Wireless Technology Outlook Supercomputer Wireless Internet Specifications Evernote IBM Telephony Audit Advertising Recycling Hacker SaaS Nanotechnology Marketing Hosted Solution Cast Frequently Asked Questions Microsoft Office Wire Millennials HVAC Wireless Charging Training Accountants Skype Risk Management Computer Fan Legal Colocation eWaste Recovery Workforce Excel Save Time Current Events Sports Fiber-Optic Start Menu FENG Computing Infrastructure Criminal Devices Google Docs Telecommuting Tip of the week Apple Knowledge Smart Office Hard Drives Emails Cables Charger IoT Mobile HIPAA Data Warehousing Hybrid Cloud Monitor Thought Leadership Voice over Internet Protocol Public Speaking Automobile Webinar NIST Lithium-ion battery Public Computer Augmented Reality IT solutions Tech Support CrashOverride Video Games Battery Employer Employee Relationship Techology Experience Remote Computing Competition Computer Accessories Content Fun Users Music Scalability Twitter Bluetooth Audiobook Wearable Technology Transportation Virtual Reality Wireless Search Presentation Benefits Worker Commute Company Culture Worker Loyalty Troubleshooting Instant Messaging Smart Technology 5G Managing Stress Rootkit How to Customer Relationship Management IP Address WiFi Two Factor Authentication Enterprise Content Management Customer Service Vendor Management Politics Best Practice Shadow IT Mobile Office Assessment Domains Administration Password Management Television Books

Sign up for our Newsletter!

  • Company Name *
  • First Name *
  • Last Name *