
TWINTEL Solutions has been serving the Orange County, Los Angeles County, Riverside County, and San Diego County areas. Since 2005, TWINTEL has provided IT Support such as technical help desk support, computer support, and overall IT consulting to small and medium-sized businesses.

Your Router Can Host Some Pretty Nasty Malware

Hundreds of millions of people use wireless Internet connections every day, and hackers are taking that as a challenge. They are now developing malware that targets people through their routers. Recently, security researchers at Kaspersky Lab discovered malware named Slingshot. The code is designed to spy on PCs through a multi-layer attack that targets MikroTik routers. Today we take a look at Slingshot and other router-based malware, and what you can do about it.

Slingshot
Slingshot works by replacing a library file with a malicious version that downloads more malicious components and then eventually launches a two-front attack on the computers connected to it. The first one runs low-level kernel code that gives an intruder free rein of a system, while the other focuses on the user level and includes code to manage the file system and keep the malware alive.

It is a very intricate attack that calls the nefarious code in from an encrypted virtual file system, and it manages to do so without crashing the host system. That feat was not lost on the security experts at Kaspersky Lab, who deemed it a state-sponsored attack because of the quality of the overall attack and the complexity of its components. Reports suggest that the malware can basically steal whatever it wants, including keyboard strokes, passwords, screenshots, and information about network usage and traffic.

MikroTik has announced that they have patched the vulnerability on versions of their routing firmware, but concerns remain as no one is sure if other router manufacturers have been affected. If that were to come to fruition, Slingshot could be a much larger problem than is currently believed.

Other Instances
Slingshot isn’t the first instance of a router turning on its owner. Traditionally, router security is known to be largely unreliable. Much of this is on the manufacturers, which have been known to build many different products without having a strategy in place to keep them working with up-to-date security. It is also up to the user to keep their router’s firmware up-to-date - something that is very easy to not keep top-of-mind. Plus, some routers make firmware updates time-consuming and difficult.

To attack the network, hackers seek to change the DNS server setting on your router. When you try to connect to a secure website, the malicious DNS server tells you to go to an elaborately constructed phishing site instead. By spoofing the domain and rerouting you to a website that is specifically constructed to take advantage of you, you have very little chance of warding off the attack before it’s too late.

Hackers have also been known to inject all types of user hindrances, such as trying to perform drive-by downloads or inundating users with advertisements. Many attacks make use of cross-site request forgery, where a malicious actor creates a rogue piece of JavaScript that repeatedly tries to load the router’s web-admin page and change the router’s settings.

What to Do If This Happens to You
The first thing you should do is work to ascertain if your router has been compromised. You can do this in several ways, but the most telling is that your DNS server has been changed. You’ll have to access your router's web-based setup page. Once in, you have to visit the Internet connection screen. If your DNS setting is set to automatic, you are in the clear. If it’s set to “manual”, however, there will be custom DNS servers entered in the space. Many times, this is the first sign of a problem.
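A client-side complement to the router check described above, as an added example that is not part of the original article: a router hands its DNS settings to connected computers, so the resolvers a PC received can be audited without logging in to the router. The sample file contents, the gateway address 192.168.88.1, and the function names are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample of a resolv.conf a DHCP client might write (not real data).
SAMPLE_RESOLV_CONF = """\
# constructed sample
nameserver 192.168.88.1
nameserver 203.0.113.53
nameserver fe80::1%eth0
search lan
"""

# Address ranges that stay inside the local network or the machine itself.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "fc00::/7", "fe80::/10")]

def parse_nameservers(text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def classify(server, gateway, expected=frozenset()):
    """Label one resolver: router, expected, local-stub, internal, unexpected, invalid."""
    try:
        addr = ipaddress.ip_address(server.split("%", 1)[0])  # drop IPv6 zone id
    except ValueError:
        return "invalid"
    if str(addr) == gateway:
        return "router"
    if str(addr) in expected:
        return "expected"
    if addr.is_loopback:
        return "local-stub"  # a local caching resolver; check its upstream too
    if any(addr in net for net in INTERNAL_NETS):
        return "internal"
    return "unexpected"  # public resolver nobody here chose: review router DNS

def audit(text, gateway, expected=frozenset()):
    """Return (server, label) pairs for every resolver that needs a closer look."""
    labelled = [(s, classify(s, gateway, expected)) for s in parse_nameservers(text)]
    return [(s, lab) for s, lab in labelled if lab in ("unexpected", "invalid")]

if __name__ == "__main__":
    for server, label in audit(SAMPLE_RESOLV_CONF, gateway="192.168.88.1"):
        print(f"review: {server} ({label})")
```

Pass any resolvers you configured on purpose in `expected`; an address that still comes back as `unexpected` is the cue to open the router's Internet connection screen and compare its DNS fields.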

If you have been compromised, ensuring your router is set up to your manufacturer’s specifications will help you mitigate damage. To ward against this happening to you, you should always:

  • Install firmware updates: Making sure your router’s firmware is updated to the latest version will definitely help.
  • Disable remote access: Stop remote access to secure against anyone changing settings on your networking equipment.
  • Turn off UPnP: Plug and play can be very convenient, but your router could be affected through UPnP if there is any malware on the network since it is designed to universally trust all requests.
  • Change credentials: Changing your passwords is a simple way of keeping unwanted entities out of your router.

For more information about network and cybersecurity, the expert technicians at TWINTEL Solutions are accessible and ready to help you keep your network and infrastructure secure. For help, call us at (888) 894-6411.
