XFER Blog

XFER has been serving Michigan since 1994, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Your Router Can Host Some Pretty Nasty Malware


Hundreds of millions of people use wireless Internet connections every day, and as a result, hackers are taking that as a challenge. They are now starting to develop malware that targets people through their routers. Recently, security researchers at Kaspersky Lab discovered malware named Slingshot. The code is designed to spy on PCs through a multi-layer attack that targets MikroTik routers. Today we take a look at Slingshot and other router-based malware, and what you can do about it.

Slingshot
Slingshot works by replacing a library file with a malicious version that downloads more malicious components and then eventually launches a two-front attack on the computers connected to it. The first one runs low-level kernel code that gives an intruder free rein of a system, while the other focuses on the user level and includes code to manage the file system and keep the malware alive.

It is a very intricate attack that calls the nefarious code in from an encrypted virtual file system and manages to do so without crashing the host system. That feat was not lost on the security experts at Kaspersky Lab, who deemed it a state-sponsored attack because of the quality of the overall attack and the complexity of its components. Reports suggest that the malware can basically steal whatever it wants, including keyboard strokes, passwords, screenshots, and information about network usage and traffic.

MikroTik has announced that they have patched the vulnerability on versions of their routing firmware, but concerns remain as no one is sure if other router manufacturers have been affected. If that were to come to fruition, Slingshot could be a much larger problem than is currently believed.

Other Instances
Slingshot isn’t the first instance of a router turning on its owner. Traditionally, router security is known to be largely unreliable. Much of this is on the manufacturers, which have been known to build many different products without having a strategy in place to keep them working with up-to-date security. It is also up to the user to keep their router’s firmware up-to-date - something that is very easy to not keep top-of-mind. Plus, some routers make firmware updates time-consuming and difficult.

To attack the network, hackers seek to change the DNS server setting on your router. When you try to connect to a secure website, the malicious DNS server tells you to go to an elaborately constructed phishing site instead. By spoofing the domain and rerouting you to a website that is specifically constructed to take advantage of you, you have very little chance of warding off the attack before it’s too late.

Hackers have also been known to inject all types of user hindrances, such as trying to perform drive-by downloads or inundating users with advertisements. Many attacks make use of cross-site request forgery, where a malicious actor creates a rogue piece of JavaScript that repeatedly tries to load the router’s web-admin page and change the router’s settings.

What to Do If This Happens to You
The first thing you should do is work to ascertain if your router has been compromised. You can do this in several ways, but the most telling sign is that your DNS server has been changed. You’ll have to access your router's web-based setup page. Once in, you have to visit the Internet connection screen. If your DNS setting is set to automatic, you are in the clear. If it’s set to “manual”, however, there will be custom DNS servers entered in the space. Many times, this is the first sign of a problem.
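As an added example (not part of the original post), the same DNS check can be run from a computer on the network by auditing the resolvers it was handed. The gateway address, the approved-resolver list and the sample configuration below are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample: resolv.conf-style text as a Linux client might receive it via DHCP.
SAMPLE_RESOLV_CONF = """\
# constructed sample, not taken from a real host
nameserver 192.168.1.1
nameserver 203.0.113.53
search lan
"""


def parse_nameservers(text):
    """Return the addresses on 'nameserver' lines, ignoring comments."""
    servers = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1].split("%", 1)[0])  # drop any IPv6 zone id
    return servers


def audit_nameservers(servers, gateway, approved=()):
    """Label each resolver 'router', 'approved', 'invalid' or 'unexpected'."""
    gw = ipaddress.ip_address(gateway)
    approved_set = {ipaddress.ip_address(a) for a in approved}
    findings = {}
    for server in servers:
        try:
            addr = ipaddress.ip_address(server)
        except ValueError:
            findings[server] = "invalid"
            continue
        if addr == gw:
            findings[server] = "router"       # the router answers DNS itself
        elif addr in approved_set:
            findings[server] = "approved"     # e.g. the ISP's documented resolvers
        else:
            findings[server] = "unexpected"   # matches the "custom DNS server" sign
    return findings


if __name__ == "__main__":
    # Assumed values: gateway 192.168.1.1, one approved ISP resolver.
    report = audit_nameservers(parse_nameservers(SAMPLE_RESOLV_CONF),
                               gateway="192.168.1.1",
                               approved=["198.51.100.10"])
    for server, verdict in report.items():
        print(f"{server}: {verdict}")
```

A resolver labelled "router" only shows that the client asks the router; which upstream servers the router itself uses still has to be read from its setup page as described above.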

If you have been compromised, ensuring your router is set up to your manufacturer’s specifications will help you mitigate damage. To ward against this happening to you, you should always:

  • Install firmware updates: Making sure your router’s firmware is updated to the latest version will definitely help.
  • Disable remote access: Stop remote access to secure against anyone changing settings on your networking equipment.
  • Turn off UPnP: Plug and play can be very convenient, but your router could be affected through UPnP if there is any malware on the network since it is designed to universally trust all requests.
  • Change credentials: Changing your passwords is a simple way of keeping unwanted entities out of your router.

For more information about network and cybersecurity, the expert technicians at XFER are accessible and ready to help you keep your network and infrastructure secure. For help, call us at 734-927-6666 / 800-Get-XFER.
