
Network Management Services Blog

Your Router Can Host Some Pretty Nasty Malware

Hundreds of millions of people use wireless Internet connections every day, and hackers are taking that as a challenge. They are now developing malware that targets people through their routers. Recently, security researchers at Kaspersky Lab discovered malware named Slingshot. The code is designed to spy on PCs through a multi-layer attack that targets MikroTik routers. Today we take a look at Slingshot and other router-based malware, and what you can do about it.

Slingshot works by replacing a library file with a malicious version that downloads more malicious components and then eventually launches a two-front attack on the computers connected to it. The first one runs low-level kernel code that gives an intruder free rein of a system, while the other focuses on the user level and includes code to manage the file system and keep the malware alive.

It is a very intricate attack that calls the nefarious code in from an encrypted virtual file system and manages to do so without crashing the host system. That feat was not lost on the security experts at Kaspersky Lab, who deemed it a state-sponsored attack because of the quality of the overall attack and the complexity of its components. Reports suggest that the malware can steal basically whatever it wants, including keystrokes, passwords, screenshots, and information about network usage and traffic.

MikroTik has announced that it has patched the vulnerability in versions of its routing firmware, but concerns remain, as no one is sure whether other router manufacturers have been affected. If that turns out to be the case, Slingshot could be a much larger problem than is currently believed.

Other Instances
Slingshot isn’t the first instance of a router turning on its owner. Traditionally, router security is known to be largely unreliable. Much of this is on the manufacturers, which have been known to build many different products without a strategy in place to keep them working with up-to-date security. It is also up to users to keep their router’s firmware up to date, something that is very easy to not keep top-of-mind. Plus, some routers make firmware updates time-consuming and difficult.

To attack the network, hackers seek to change the DNS server setting on your router. When you try to connect to a secure website, the malicious DNS server tells you to go to an elaborately constructed phishing site instead. Because the attacker spoofs the domain and reroutes you to a website that is specifically constructed to take advantage of you, you have very little chance of warding off the attack before it’s too late.

Hackers have also been known to inflict all types of hindrances on users, such as trying to perform drive-by downloads or inundating users with advertisements. Many attacks use cross-site request forgery, where a malicious actor creates a rogue piece of JavaScript that repeatedly tries to load the router’s web-admin page and change the router’s settings.

What to Do If This Happens to You
The first thing you should do is work to ascertain whether your router has been compromised. You can do this in several ways, but the most telling sign is that your DNS server has been changed. You’ll have to access your router's web-based setup page. Once in, you have to visit the Internet connection screen. If your DNS setting is set to automatic, you are in the clear. If it’s set to “manual”, however, there will be custom DNS servers entered in the space. Many times, this is the first sign of a problem.
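The same check can be made from a computer on the network by looking at which DNS servers the router handed out to it. The script below is an added example, not part of the original article: it parses resolv.conf-style text and flags any resolver that is not on a list you know to be good. The sample file contents, the addresses, and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of a client's resolv.conf after DHCP renewal (not real data).
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search lan
nameserver 192.168.88.1
nameserver 203.0.113.53   # constructed address from a documentation range
nameserver 127.0.0.53
nameserver fe80::1%eth0
nameserver not-an-ip
"""


def parse_nameservers(text):
    """Return (addresses, malformed_entries) from resolv.conf-style text."""
    servers, malformed = [], []
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) < 2 or parts[0] != "nameserver":
            continue
        addr = parts[1].split("%", 1)[0]  # drop an IPv6 zone id such as %eth0
        try:
            servers.append(ipaddress.ip_address(addr))
        except ValueError:
            malformed.append(parts[1])
    return servers, malformed


def audit_resolvers(text, expected):
    """Sort configured resolvers into expected, stub, unexpected, malformed."""
    allowed = [ipaddress.ip_network(n, strict=False) for n in expected]
    servers, malformed = parse_nameservers(text)
    report = {"expected": [], "stub": [], "unexpected": [], "malformed": malformed}
    for ip in servers:
        if ip.is_loopback:
            # A local caching stub hides the real upstream; check that separately.
            report["stub"].append(str(ip))
        elif any(ip in net for net in allowed):
            report["expected"].append(str(ip))
        else:
            report["unexpected"].append(str(ip))
    return report


if __name__ == "__main__":
    # Assumed known-good resolvers: the router's own LAN addresses.
    result = audit_resolvers(SAMPLE_RESOLV_CONF, ["192.168.88.1", "fe80::1"])
    for category, entries in result.items():
        print(f"{category}: {entries}")
```

An entry under "unexpected" is a prompt to compare against the router's Internet connection screen, not proof of compromise, since some networks set custom DNS servers on purpose.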

If you have been compromised, ensuring your router is set up to your manufacturer’s specifications will help you mitigate damage. To ward against this happening to you, you should always:

  • Install firmware updates: Making sure your router’s firmware is updated to the latest version will definitely help.
  • Disable remote access: Stop remote access to secure against anyone changing settings on your networking equipment.
  • Turn off UPnP: Plug and play can be very convenient, but because UPnP is designed to universally trust all requests, your router could be affected through it if there is any malware on the network.
  • Change credentials: Changing your passwords is a simple way of keeping unwanted entities out of your router.

For more information about network and cybersecurity, the expert technicians at Network Management Services are accessible and ready to help you keep your network and infrastructure secure. For help, call us at (707) 268-8850.

Monday, March 25 2019
