XFER Blog

XFER has been serving Michigan since 1994, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Your Router Can Host Some Pretty Nasty Malware


Hundreds of millions of people use wireless Internet connections every day, and hackers are taking that as a challenge. They are now starting to develop malware that targets people through their routers. Recently, security researchers at Kaspersky Lab discovered malware named Slingshot. The code is designed to spy on PCs through a multi-layer attack that targets MikroTik routers. Today we take a look at Slingshot and other router-based malware, and at what you can do about it.

Slingshot
Slingshot works by replacing a library file with a malicious version that downloads more malicious components and then eventually launches a two-front attack on the computers connected to it. The first one runs low-level kernel code that gives an intruder free rein of a system, while the other focuses on the user level and includes code to manage the file system and keep the malware alive.

It is a very intricate attack that calls the nefarious code in from an encrypted virtual file system, and it manages to do so without crashing the host system. That feat was not lost on the security experts at Kaspersky Lab, who deemed it a state-sponsored attack because of the quality of the overall attack and the complexity of its components. Reports suggest that the malware can basically steal whatever it wants, including keyboard strokes, passwords, screenshots, and information about network usage and traffic.

MikroTik has announced that they have patched the vulnerability on versions of their routing firmware, but concerns remain as no one is sure if other router manufacturers have been affected. If that were to come to fruition, Slingshot could be a much larger problem than is currently believed.

Other Instances
Slingshot isn’t the first instance of a router turning on its owner. Traditionally, router security is known to be largely unreliable. Much of this is on the manufacturers, which have been known to build many different products without having a strategy in place to keep them working with up-to-date security. It is also up to the user to keep their router’s firmware up to date, something that is very easy to lose track of. Plus, some routers make firmware updates time-consuming and difficult.

To attack the network, hackers seek to change the DNS server setting on your router. When you try to connect to a secure website, the malicious DNS server tells you to go to an elaborately constructed phishing site instead. Because the attacker spoofs the domain and reroutes you to a website that is specifically constructed to take advantage of you, you have very little chance of warding off the attack before it’s too late.

Hackers have also been known to inject all types of user hindrances, such as trying to perform drive-by downloads or inundating users with advertisements. Many attacks make use of cross-site request forgery, where a malicious actor creates a rogue piece of JavaScript that repeatedly tries to load the router’s web-admin page and change the router’s settings.

What to Do If This Happens to You
The first thing you should do is work to ascertain if your router has been compromised. You can do this in several ways, but the most telling is that your DNS server has been changed. You’ll have to access your router's web-based setup page. Once in, you have to visit the Internet connection screen. If your DNS setting is set to automatic, you are in the clear. If it’s set to “manual”, however, there will be custom DNS servers entered in the space. Many times, this is the first sign of a problem.
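As an added example (not part of the original article), the same check can be made from a PC on the network by looking at the DNS servers the router handed out. The sketch assumes a Linux-style `resolv.conf`; the sample files and the `EXPECTED` ISP resolver address are constructed for illustration.

```python
import ipaddress

# RFC 1918 LAN ranges plus loopback (local stub resolvers such as 127.0.0.53).
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def parse_nameservers(resolv_conf_text):
    """Return the nameserver addresses from resolv.conf-style text, in order."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()  # drop comments
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                # Strip an IPv6 zone id such as %eth0 before parsing.
                servers.append(ipaddress.ip_address(parts[1].split("%")[0]))
            except ValueError:
                continue  # malformed entry, ignore it
    return servers

def audit_resolvers(resolv_conf_text, expected):
    """Label each resolver 'expected', 'local' or 'unexpected'.

    'local' means the router (or a local stub) answers DNS itself, so the
    upstream servers still have to be read from the router's setup page.
    'unexpected' is a public resolver nobody on this network chose.
    """
    expected_ips = {ipaddress.ip_address(e) for e in expected}
    findings = []
    for ip in parse_nameservers(resolv_conf_text):
        if ip in expected_ips:
            verdict = "expected"
        elif any(ip.version == n.version and ip in n for n in LOCAL_NETS):
            verdict = "local"
        else:
            verdict = "unexpected"
        findings.append((str(ip), verdict))
    return findings

# Constructed samples using documentation address ranges.
EXPECTED = ["192.0.2.53"]                      # assumed ISP resolver
HEALTHY = "# set by DHCP\nnameserver 192.168.1.1\n"
HIJACKED = "nameserver 203.0.113.66\nnameserver 192.0.2.53\n"

if __name__ == "__main__":
    for name, text in (("healthy", HEALTHY), ("hijacked", HIJACKED)):
        print(name, audit_resolvers(text, EXPECTED))
```

Any `unexpected` entry is a reason to open the router's Internet connection screen and compare the DNS servers listed there with what your ISP provides.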

If you have been compromised, ensuring your router is set up to your manufacturer’s specifications will help you mitigate damage. To ward against this happening to you, you should always:

  • Install firmware updates: Making sure your router’s firmware is updated to the latest version will definitely help.
  • Disable remote access: Stop remote access to secure against anyone changing settings on your networking equipment.
  • Turn off UPnP: Plug and play can be very convenient, but your router could be affected through UPnP if there is any malware on the network since it is designed to universally trust all requests.
  • Change credentials: Changing your passwords is a simple way of keeping unwanted entities out of your router.

For more information about network and cybersecurity, the expert technicians at XFER are accessible and ready to help you keep your network and infrastructure secure. For help, call us at 734-927-6666 / 800-Get-XFER.

 
