TWINTEL Solutions Blog

Your Router Can Host Some Pretty Nasty Malware


Hundreds of millions of people use wireless Internet connections every day, and hackers are taking that as a challenge: they are now developing malware that targets people through their routers. Recently, security researchers at Kaspersky Lab discovered malware named Slingshot. The code is designed to spy on PCs through a multi-layer attack that targets MikroTik routers. Today we take a look at Slingshot and other router-based malware, and what you can do about it.

Slingshot works by replacing a library file with a malicious version that downloads more malicious components and then eventually launches a two-front attack on the computers connected to it. The first one runs low-level kernel code that gives an intruder free rein of a system, while the other focuses on the user level and includes code to manage the file system and keep the malware alive.

It is a very intricate attack that calls the nefarious code in from an encrypted virtual file system, and it manages to do so without crashing the host system. That feat was not lost on the security experts at Kaspersky Lab, who deemed it a state-sponsored attack because of the quality of the overall attack and the complexity of its components. Reports suggest that the malware can steal basically whatever it wants, including keystrokes, passwords, screenshots, and information about network usage and traffic.

MikroTik has announced that they have patched the vulnerability on versions of their routing firmware, but concerns remain, as no one is sure whether other router manufacturers have been affected. If they have, Slingshot could be a much larger problem than is currently believed.

Other Instances
Slingshot isn’t the first instance of a router turning on its owner. Traditionally, router security is known to be largely unreliable. Much of this is on the manufacturers, which have been known to build many different products without having a strategy in place to keep them working with up-to-date security. It is also up to the user to keep their router’s firmware up-to-date - something that is very easy to not keep top-of-mind. Plus, some routers make firmware updates time-consuming and difficult.

To attack the network, hackers seek to change the DNS server setting on your router. When you try to connect to a secure website, the malicious DNS server tells you to go to an elaborately constructed phishing site instead. Because the attacker spoofs the domain and reroutes you to a website that is specifically constructed to take advantage of you, you have very little chance of warding off the attack before it’s too late.

Hackers have also been known to inject all types of user hindrances, such as trying to perform drive-by downloads or inundating users with advertisements. Many attacks make use of cross-site request forgery (CSRF), where a malicious actor creates a rogue piece of JavaScript that repeatedly tries to load the router’s web-admin page and change the router’s settings.

What to Do If This Happens to You
The first thing you should do is work to ascertain whether your router has been compromised. You can do this in several ways, but the most telling sign is that your DNS server has been changed. To check, access your router's web-based setup page and, once in, visit the Internet connection screen. If your DNS setting is set to automatic, you are in the clear. If it’s set to “manual”, however, there will be custom DNS servers entered in the space. Many times, this is the first sign of a problem.
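The same check can be made from a computer on the network by looking at which DNS servers it was actually handed. The following is an added example, not part of the original article: it parses resolv.conf-style text and flags any resolver that is neither the router nor on a list you approve; the gateway address, the approved list and the sample file are constructed assumptions. A result showing only the gateway does not prove the router's own upstream DNS setting is clean, so it complements the admin-page check rather than replacing it.

```python
import ipaddress

# Constructed sample: resolver settings as a LAN client might receive them.
SAMPLE_RESOLV_CONF = """\
# Generated by the network manager
search lan
nameserver 192.168.1.1
nameserver 203.0.113.53
nameserver 2001:db8::53
options edns0
"""


def parse_nameservers(resolv_conf_text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # skip blanks and comment lines
            continue
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            addr = fields[1].split("%", 1)[0]  # drop an IPv6 zone id
            try:
                servers.append(ipaddress.ip_address(addr))
            except ValueError:
                continue  # ignore malformed entries
    return servers


def audit_dns(resolv_conf_text, gateway, approved):
    """Label each resolver 'gateway', 'approved' or 'unexpected'."""
    gateway_ip = ipaddress.ip_address(gateway)
    approved_ips = {ipaddress.ip_address(a) for a in approved}
    report = {}
    for server in parse_nameservers(resolv_conf_text):
        if server == gateway_ip:
            report[str(server)] = "gateway"
        elif server in approved_ips:
            report[str(server)] = "approved"
        else:
            report[str(server)] = "unexpected"  # investigate this one
    return report


if __name__ == "__main__":
    # Assumed values: router at 192.168.1.1, one ISP resolver approved.
    for ip, verdict in audit_dns(SAMPLE_RESOLV_CONF, "192.168.1.1",
                                 ["2001:db8::53"]).items():
        print(f"{ip:<20} {verdict}")
```

On a Linux or macOS machine, pass the contents of `/etc/resolv.conf` in place of the sample text.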

If you have been compromised, ensuring your router is set up to your manufacturer’s specifications will help you mitigate damage. To guard against this happening to you, you should always:

  • Install firmware updates: Making sure your router’s firmware is updated to the latest version will definitely help.
  • Disable remote access: Stop remote access to secure against anyone changing settings on your networking equipment.
  • Turn off UPnP: Universal Plug and Play can be very convenient, but because it is designed to universally trust all requests, your router could be affected through UPnP if there is any malware on the network.
  • Change credentials: Changing your passwords is a simple way of keeping unwanted entities out of your router.

For more information about network and cybersecurity, the expert technicians at TWINTEL Solutions are accessible and ready to help you keep your network and infrastructure secure. For help, call us at (888) 894-6411.

Thursday, December 13 2018