XFER Blog

XFER has been serving Michigan since 1994, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Your Router Can Host Some Pretty Nasty Malware

Hundreds of millions of people use wireless Internet connections every day, and hackers have taken that as a challenge. They are now developing malware that targets people through their routers. Recently, security researchers at Kaspersky Lab discovered malware named Slingshot. The code is designed to spy on PCs through a multi-layer attack that targets MikroTik routers. Today we take a look at Slingshot and other router-based malware, and at what you can do about it.

Slingshot
Slingshot works by replacing a library file with a malicious version that downloads more malicious components and then eventually launches a two-front attack on the computers connected to it. The first one runs low-level kernel code that gives an intruder free rein of a system, while the other focuses on the user level and includes code to manage the file system and keep the malware alive.

It is a very intricate attack that calls the nefarious code in from an encrypted virtual file system and manages to do so without crashing the host system. That feat was not lost on the security experts at Kaspersky Lab, who deemed it a state-sponsored attack because of the quality of the overall attack and the complexity of its components. Reports suggest that the malware can steal basically whatever it wants, including keystrokes, passwords, screenshots, and information about network usage and traffic.

MikroTik has announced that it has patched the vulnerability in versions of its routing firmware, but concerns remain because no one is sure whether other router manufacturers have been affected. If they have, Slingshot could be a much larger problem than is currently believed.

Other Instances
Slingshot isn’t the first instance of a router turning on its owner. Traditionally, router security is known to be largely unreliable. Much of this is on the manufacturers, which have been known to build many different products without having a strategy in place to keep them working with up-to-date security. It is also up to the user to keep their router’s firmware up-to-date - something that is very easy to not keep top-of-mind. Plus, some routers make firmware updates time-consuming and difficult.

To attack the network, hackers seek to change the DNS server setting on your router. When you try to connect to a secure website, the malicious DNS server sends you to an elaborately constructed phishing site instead. Because the domain is spoofed and you are rerouted to a website built specifically to take advantage of you, you have very little chance of warding off the attack before it’s too late.

Hackers have also been known to inject all types of user hindrances, such as trying to perform drive-by downloads or inundating users with advertisements. Many attacks make use of cross-site request forgery, where a malicious actor creates a rogue piece of JavaScript that repeatedly tries to load the router’s web-admin page and change the router’s settings.

What to Do If This Happens to You
The first thing you should do is work to ascertain whether your router has been compromised. You can do this in several ways, but the most telling sign is that your DNS server has been changed. You’ll have to access your router's web-based setup page. Once in, you have to visit the Internet connection screen. If your DNS setting is set to automatic, you are in the clear. If it’s set to “manual”, however, there will be custom DNS servers entered in the space. Many times, this is the first sign of a problem.
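The same check can be made from a computer on the network by looking at which DNS servers it was handed. The following is an added example, not part of the original post: it parses a constructed `/etc/resolv.conf` and flags any resolver that is neither the router nor on a list you approve. The gateway address `192.168.88.1`, the approved list, the sample file and the function names are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample of a LAN client's /etc/resolv.conf (documentation addresses, not real data).
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
search lan
nameserver 192.168.88.1
nameserver 203.0.113.53
nameserver 198.51.100.53
"""

def parse_nameservers(text):
    """Return the raw value of every 'nameserver' line, ignoring '#' and ';' comments."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def audit_resolvers(text, gateway, approved):
    """Map each resolver to 'router', 'approved', 'local-stub', 'UNEXPECTED' or 'UNPARSEABLE'."""
    gateway = ipaddress.ip_address(gateway)
    approved = {ipaddress.ip_address(a) for a in approved}
    findings = {}
    for raw in parse_nameservers(text):
        try:
            ip = ipaddress.ip_address(raw)
        except ValueError:
            findings[raw] = "UNPARSEABLE"  # never skip silently in an audit
            continue
        if ip == gateway:
            # The router answers DNS itself; its own upstream DNS setting
            # still has to be checked on the router's setup page.
            findings[raw] = "router"
        elif ip in approved:
            findings[raw] = "approved"
        elif ip.is_loopback:
            # Local stub resolver (e.g. 127.0.0.53); inspect its upstream separately.
            findings[raw] = "local-stub"
        else:
            findings[raw] = "UNEXPECTED"
    return findings

if __name__ == "__main__":
    result = audit_resolvers(SAMPLE_RESOLV_CONF, "192.168.88.1", ["198.51.100.53"])
    for server, verdict in result.items():
        print(f"{server:16} {verdict}")
```

An `UNEXPECTED` entry is a reason to open the router's setup page and compare its DNS fields against what your ISP or administrator documented; a clean result on the client does not replace that check.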

If you have been compromised, ensuring your router is set up to your manufacturer’s specifications will help you mitigate damage. To ward against this happening to you, you should always:

  • Install firmware updates: Making sure your router’s firmware is updated to the latest version will definitely help.
  • Disable remote access: Stop remote access to secure against anyone changing settings on your networking equipment.
  • Turn off UPnP: Plug and play can be very convenient, but your router could be affected through UPnP if there is any malware on the network, since UPnP is designed to universally trust all requests.
  • Change credentials: Changing your passwords is a simple way of keeping unwanted entities out of your router.

For more information about network and cybersecurity, the expert technicians at XFER are accessible and ready to help you keep your network and infrastructure secure. For help, call us at 734-927-6666 / 800-Get-XFER.

Thursday, January 17 2019