TWINTEL Solutions Blog

Your Router Can Host Some Pretty Nasty Malware

Hundreds of millions of people use wireless Internet connections every day, and hackers have taken that as a challenge. They are now developing malware that targets people through their routers. Recently, security researchers at Kaspersky Lab discovered malware named Slingshot. The code is designed to spy on PCs through a multi-layer attack that targets MikroTik routers. Today we take a look at Slingshot and other router-based malware, and at what you can do about it.

Slingshot
Slingshot works by replacing a library file with a malicious version that downloads more malicious components and then eventually launches a two-front attack on the computers connected to it. The first one runs low-level kernel code that gives an intruder free rein of a system, while the other focuses on the user level and includes code to manage the file system and keep the malware alive.

It is a very intricate attack that calls the nefarious code in from an encrypted virtual file system and manages to do so without crashing the host system. That feat was not lost on the security experts at Kaspersky Lab, who deemed it a state-sponsored attack because of the quality of the overall attack and the complexity of its components. Reports suggest that the malware can basically steal whatever it wants, including keyboard strokes, passwords, screenshots, and information about network usage and traffic.

MikroTik has announced that they have patched the vulnerability on versions of their routing firmware, but concerns remain as no one is sure if other router manufacturers have been affected. If that were to come to fruition, Slingshot could be a much larger problem than is currently believed.

Other Instances
Slingshot isn’t the first instance of a router turning on its owner. Traditionally, router security is known to be largely unreliable. Much of this is on the manufacturers, which have been known to build many different products without having a strategy in place to keep them working with up-to-date security. It is also up to the user to keep their router’s firmware up to date, which is very easy to lose track of. Plus, some routers make firmware updates time-consuming and difficult.

To attack the network, hackers seek to change the DNS server setting on your router. When you try to connect to a secure website, the malicious DNS server tells you to go to an elaborately constructed phishing site instead. Because the attacker spoofs the domain and reroutes you to a website built specifically to take advantage of you, you have very little chance of warding off the attack before it’s too late.

Hackers have also been known to inject all types of user hindrances, such as attempting drive-by downloads or inundating users with advertisements. Many attacks make use of cross-site request forgery, where a malicious actor creates a rogue piece of JavaScript that repeatedly tries to load the router’s web-admin page and change the router’s settings.

What to Do If This Happens to You
The first thing you should do is work to ascertain if your router has been compromised. You can do this in several ways, but the most telling sign is that your DNS server has been changed. You’ll have to access your router's web-based setup page. Once in, visit the Internet connection screen. If your DNS setting is set to automatic, you are in the clear. If it’s set to “manual”, however, there will be custom DNS servers entered in the space. Many times, this is the first sign of a problem.
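A complementary check from a computer on the network, as an added example that is not part of the original article: it classifies the DNS servers the machine was handed against the router's address and a list you trust. The resolv.conf-style sample, the gateway address, the trusted list and the function names are all constructed assumptions.

```python
import ipaddress

# Constructed sample: resolver settings as a DHCP client might receive them.
SAMPLE_RESOLV_CONF = """\
# generated by DHCP client (constructed sample)
search lan
nameserver 192.168.88.1
nameserver 203.0.113.53
nameserver not-an-ip
"""

def parse_nameservers(text):
    """Return (valid_addresses, malformed_entries) from resolv.conf-style text."""
    servers, malformed = [], []
    for raw in text.splitlines():
        # Drop comments; resolv.conf allows both '#' and ';'.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) < 2 or parts[0] != "nameserver":
            continue
        try:
            servers.append(ipaddress.ip_address(parts[1]))
        except ValueError:
            malformed.append(parts[1])  # keep it: a broken entry is worth seeing
    return servers, malformed

def audit_dns(text, gateway, trusted=()):
    """Sort each nameserver into gateway / trusted / unexpected."""
    gw = ipaddress.ip_address(gateway)
    allow = {ipaddress.ip_address(t) for t in trusted}
    servers, malformed = parse_nameservers(text)
    report = {"gateway": [], "trusted": [], "unexpected": [], "malformed": malformed}
    for addr in servers:
        if addr == gw:
            report["gateway"].append(str(addr))
        elif addr in allow:
            report["trusted"].append(str(addr))
        else:
            # Not the router and not on your list: check the router's DNS screen.
            report["unexpected"].append(str(addr))
    return report

if __name__ == "__main__":
    result = audit_dns(SAMPLE_RESOLV_CONF, gateway="192.168.88.1",
                       trusted=["198.51.100.10"])  # trusted list is an assumption
    for kind, values in result.items():
        print(f"{kind:10} {', '.join(values) or '-'}")
```

A machine that lists only the router as its DNS server says nothing about which upstream servers the router itself uses, so the check on the router's setup page described above still applies.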

If you have been compromised, ensuring your router is set up to your manufacturer’s specifications will help you mitigate damage. To ward against this happening to you, you should always:

  • Install firmware updates: Making sure your router’s firmware is updated to the latest version will definitely help.
  • Disable remote access: Stop remote access to secure against anyone changing settings on your networking equipment.
  • Turn off UPnP: Plug and play can be very convenient, but because UPnP is designed to universally trust all requests, any malware on the network could use it to affect your router.
  • Change credentials: Changing your passwords is a simple way of keeping unwanted entities out of your router.

For more information about network and cybersecurity, the expert technicians at TWINTEL Solutions are accessible and ready to help you keep your network and infrastructure secure. For help, call us at (888) 894-6411.
