Professional Computer Associates Blog

Professional Computer Associates has been serving the Red Hook area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Your Router Can Host Some Pretty Nasty Malware

Hundreds of millions of people use wireless Internet connections every day, and hackers have taken that as a challenge. They are now developing malware that targets people through their routers. Recently, security researchers at Kaspersky Lab discovered malware named Slingshot. The code is designed to spy on PCs through a multi-layer attack that targets MikroTik routers. Today we take a look at Slingshot and other router-based malware, and at what you can do about it.

Slingshot
Slingshot works by replacing a library file with a malicious version that downloads more malicious components and then eventually launches a two-front attack on the computers connected to the router. The first front runs low-level kernel code that gives an intruder free rein over a system, while the other focuses on the user level and includes code to manage the file system and keep the malware alive.

It is a very intricate attack that calls the nefarious code in from an encrypted virtual file system, and it manages to do so without crashing the host system. That feat was not lost on the security experts at Kaspersky Lab, who deemed it a state-sponsored attack because of the quality of the overall attack and the complexity of its components. Reports suggest that the malware can steal basically whatever it wants, including keystrokes, passwords, screenshots, and information about network usage and traffic.

MikroTik has announced that they have patched the vulnerability on versions of their routing firmware, but concerns remain because no one is sure whether other router manufacturers have been affected. If they have, Slingshot could be a much larger problem than is currently believed.

Other Instances
Slingshot isn’t the first instance of a router turning on its owner. Router security has traditionally been largely unreliable. Much of this is on the manufacturers, which have been known to build many different products without having a strategy in place to keep them up to date on security. It is also up to users to keep their router’s firmware up to date, something that easily slips the mind. Plus, some routers make firmware updates time-consuming and difficult.

To attack the network, hackers seek to change the DNS server setting on your router. When you try to connect to a secure website, the malicious DNS server tells you to go to an elaborately constructed phishing site instead. Because the attacker spoofs the domain and reroutes you to a website specifically constructed to take advantage of you, you have very little chance of warding off the attack before it’s too late.

Hackers have also been known to inject all types of hindrances for users. They will try to perform drive-by downloads or inundate users with advertisements. Many attacks make use of cross-site request forgery, where a malicious actor creates a rogue piece of JavaScript that repeatedly tries to load the router’s web-admin page and change the router’s settings.

What to Do If This Happens to You
The first thing you should do is work to ascertain if your router has been compromised. You can do this in several ways, but the most telling sign is that your DNS server has been changed. To check, access your router's web-based setup page and visit the Internet connection screen. If your DNS setting is set to automatic, you are in the clear. If it’s set to “manual”, however, there will be custom DNS servers entered in the space. Many times, this is the first sign of a problem.

If you have been compromised, ensuring your router is set up to your manufacturer’s specifications will help you mitigate damage. To ward against this happening to you, you should always:

  • Install firmware updates: Making sure your router’s firmware is updated to the latest version will definitely help.
  • Disable remote access: Stop remote access to secure against anyone changing settings on your networking equipment.
  • Turn off UPnP: Universal Plug and Play can be very convenient, but because it is designed to universally trust all requests, your router could be affected through UPnP if there is any malware on the network.
  • Change credentials: Changing your passwords is a simple way of keeping unwanted entities out of your router.

For more information about network and cybersecurity, the expert technicians at Professional Computer Associates are accessible and ready to help you keep your network and infrastructure secure. For help, call us at 845-876-6561.
