Your Router Can Host Some Pretty Nasty Malware

Hundreds of millions of people use wireless Internet connections every day, and hackers have taken notice: they are now developing malware that targets people through their routers. Security researchers at Kaspersky Lab recently discovered malware named Slingshot, which is designed to spy on PCs through a multi-layer attack that targets MikroTik routers. Today we take a look at Slingshot and other router-based malware, and what you can do about it.

Slingshot works by replacing a library file with a malicious version that downloads more malicious components and eventually launches a two-front attack on the computers connected to the router. The first component runs low-level kernel code that gives an intruder free rein of a system, while the other focuses on the user level and includes code to manage the file system and keep the malware alive.

It is a very intricate attack that calls the nefarious code in from an encrypted virtual file system and manages to do so without crashing the host system. That feat was not lost on the security experts at Kaspersky Lab, who deemed it a state-sponsored attack because of the quality of the overall attack and the complexity of its components. Reports suggest that the malware can steal basically whatever it wants, including keystrokes, passwords, screenshots, and information about network usage and traffic.

MikroTik has announced that it has patched the vulnerability in versions of its routing firmware, but concerns remain because no one is sure whether other router manufacturers have been affected. If they have, Slingshot could be a much larger problem than is currently believed.

Other Instances
Slingshot isn’t the first instance of a router turning on its owner. Traditionally, router security is known to be largely unreliable. Much of this is on the manufacturers, which have been known to build many different products without having a strategy in place to keep them working with up-to-date security. It is also up to the user to keep their router’s firmware up-to-date - something that is very easy to not keep top-of-mind. Plus, some routers make firmware updates time-consuming and difficult.

To attack the network, hackers seek to change the DNS server setting on your router. When you try to connect to a secure website, the malicious DNS server sends you to an elaborately constructed phishing site instead. Because the attacker spoofs the domain and reroutes you to a website built specifically to take advantage of you, you have very little chance of warding off the attack before it’s too late.

Hackers have also been known to inject all types of user hindrances. They will try to perform drive-by downloads or inundate users with advertisements. Many attacks make use of cross-site request forgery (CSRF), in which a malicious actor creates a rogue piece of JavaScript that repeatedly tries to load the router’s web-admin page and change the router’s settings.

What to Do If This Happens to You
The first thing you should do is work to ascertain whether your router has been compromised. You can do this in several ways, but the most telling sign is that your DNS server has been changed. To check, access your router's web-based setup page and visit the Internet connection screen. If your DNS setting is set to automatic, you are in the clear. If it’s set to “manual”, however, there will be custom DNS servers entered in the space. Many times, this is the first sign of a problem.
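The same check can be run from a computer on the network by comparing the DNS servers it was handed against the ones you expect. This is an added example, not part of the original post; the sample configuration, the addresses and the `EXPECTED` list are constructed assumptions.

```python
import ipaddress

# Constructed sample: resolv.conf-style settings a PC might receive from a
# router whose DNS setting was switched to "manual" with a custom server.
SAMPLE_RESOLV_CONF = """\
# Generated by the DHCP client
search home.example
nameserver 192.168.88.1
nameserver 203.0.113.53
nameserver fe80::1%eth0
options edns0
"""

# Assumption: the resolvers you expect to see (the router's own LAN address,
# or the servers your ISP or administrator assigned).
EXPECTED = {"192.168.88.1", "fe80::1"}


def parse_nameservers(text):
    """Return the nameserver addresses found in resolv.conf-style text."""
    servers = []
    for raw in text.splitlines():
        # Drop comments (both '#' and ';' styles) and surrounding whitespace.
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            addr = parts[1].split("%", 1)[0]  # strip IPv6 zone id (e.g. %eth0)
            try:
                servers.append(ipaddress.ip_address(addr))
            except ValueError:
                continue  # not a valid IP address; ignore the entry
    return servers


def unexpected_resolvers(text, expected):
    """List configured DNS servers that are not on the expected list."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    return [str(s) for s in parse_nameservers(text) if s not in allowed]


if __name__ == "__main__":
    for addr in unexpected_resolvers(SAMPLE_RESOLV_CONF, EXPECTED):
        print("unexpected DNS server:", addr)
```

If the router relays DNS itself, computers on the network only ever see the router's own address, so the router's setup page remains the place to confirm the setting.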

If you have been compromised, ensuring your router is set up to your manufacturer’s specifications will help you mitigate damage. To guard against this happening to you, you should always:

  • Install firmware updates: Making sure your router’s firmware is updated to the latest version will definitely help.
  • Disable remote access: Stop remote access to secure against anyone changing settings on your networking equipment.
  • Turn off UPnP: Plug and play can be very convenient, but your router could be affected through UPnP if there is any malware on the network since it is designed to universally trust all requests.
  • Change credentials: Changing your passwords is a simple way of keeping unwanted entities out of your router.

For more information about network and cybersecurity, the expert technicians at Professional Computer Associates are accessible and ready to help you keep your network and infrastructure secure. For help, call us at 845-876-6561.

Tuesday, August 21 2018
