XFER has been serving Michigan since 1994, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Your Router Can Host Some Pretty Nasty Malware

Hundreds of millions of people use wireless Internet connections every day, and hackers are taking that as a challenge. They are now starting to develop malware that targets people through their routers. Recently, security researchers at Kaspersky Lab discovered malware named Slingshot. The code is designed to spy on PCs through a multi-layer attack that targets MikroTik routers. Today we take a look at Slingshot and other router-based malware, and what you can do about it.

Slingshot works by replacing a library file with a malicious version that downloads more malicious components and then eventually launches a two-front attack on the computers connected to it. The first one runs low-level kernel code that gives an intruder free rein of a system, while the other focuses on the user level and includes code to manage the file system and keep the malware alive.

It is a very intricate attack that calls the nefarious code in from an encrypted virtual file system and manages to do so without crashing the host system. That feat was not lost on the security experts at Kaspersky Lab, who deemed it a state-sponsored attack because of the quality of the overall attack and the complexity of its components. Reports suggest that the malware can basically steal whatever it wants, including keyboard strokes, passwords, screenshots, and information about network usage and traffic.

MikroTik has announced that they have patched the vulnerability on versions of their routing firmware, but concerns remain as no one is sure if other router manufacturers have been affected. If that were to come to fruition, Slingshot could be a much larger problem than is currently believed.

Other Instances
Slingshot isn’t the first instance of a router turning on its owner. Traditionally, router security is known to be largely unreliable. Much of this is on the manufacturers, which have been known to build many different products without having a strategy in place to keep them working with up-to-date security. It is also up to the user to keep their router’s firmware up to date, something that is very easy to lose track of. Plus, some routers make firmware updates time-consuming and difficult.

To attack the network, hackers seek to change the DNS server setting on your router. When you try to connect to a secure website, the malicious DNS server tells you to go to an elaborately constructed phishing site instead. Because the domain is spoofed and you are rerouted to a website built specifically to take advantage of you, you have very little chance of warding off the attack before it’s too late.

Hackers have also been known to inject all types of user hindrances, such as trying to perform drive-by downloads or inundating users with advertisements. Many attacks make use of cross-site request forgery, where a malicious actor creates a rogue piece of JavaScript that repeatedly tries to load the router’s web-admin page and change the router’s settings.

What to Do If This Happens to You
The first thing you should do is work to ascertain if your router has been compromised. You can do this in several ways, but the most telling is that your DNS server has been changed. You’ll have to access your router's web-based setup page. Once in, you have to visit the Internet connection screen. If your DNS setting is set to automatic, you are in the clear. If it’s set to “manual”, however, there will be custom DNS servers entered in the space. Many times, this is the first sign of a problem.
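The same check can be made from a computer on the network. The following is an added example, not part of the original article: it audits the DNS resolvers a Linux client is using against the ones you expect. It assumes the client learns its resolvers from the router over DHCP; the sample file contents, the addresses and the `EXPECTED` list are constructed placeholders.

```python
import ipaddress

# Constructed sample of a client's /etc/resolv.conf after it took a DHCP lease
# from the router; 203.0.113.66 stands in for a resolver nobody here configured.
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search lan
nameserver 192.168.1.1
nameserver 203.0.113.66   # constructed "unexpected" entry
nameserver fe80::1%eth0
nameserver not-an-ip
"""

# Assumption: the resolvers you expect are the router's LAN address, the ISP's
# resolver range (a documentation prefix as placeholder) and link-local IPv6.
EXPECTED = ["192.168.1.1/32", "198.51.100.0/24", "fe80::/10"]


def parse_nameservers(text):
    """Return the nameserver values from resolv.conf-style text, in order."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def audit_resolvers(text, expected=EXPECTED):
    """Classify each configured resolver as expected, unexpected or invalid."""
    nets = [ipaddress.ip_network(n) for n in expected]
    report = {"expected": [], "unexpected": [], "invalid": []}
    for raw in parse_nameservers(text):
        try:
            addr = ipaddress.ip_address(raw.split("%", 1)[0])  # strip IPv6 zone
        except ValueError:
            report["invalid"].append(raw)
            continue
        ok = any(addr.version == n.version and addr in n for n in nets)
        report["expected" if ok else "unexpected"].append(raw)
    return report


if __name__ == "__main__":
    for status, servers in audit_resolvers(SAMPLE_RESOLV_CONF).items():
        print(f"{status:10} {', '.join(servers) or '-'}")
```

A router that proxies DNS hands out its own address to clients, so an unchanged result here does not replace looking at the router's setup page; an unexpected entry is a reason to look there right away.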

If you have been compromised, ensuring your router is set up to your manufacturer’s specifications will help you mitigate damage. To ward against this happening to you, you should always:

  • Install firmware updates: Making sure your router’s firmware is updated to the latest version will definitely help.
  • Disable remote access: Stop remote access to secure against anyone changing settings on your networking equipment.
  • Turn off UPnP: Universal Plug and Play can be very convenient, but because UPnP is designed to universally trust all requests, your router could be affected through it if there is any malware on the network.
  • Change credentials: Changing your passwords is a simple way of keeping unwanted entities out of your router.

For more information about network and cybersecurity, the expert technicians at XFER are accessible and ready to help you keep your network and infrastructure secure. For help, call us at 734-927-6666 / 800-Get-XFER.

Saturday, August 18 2018