TaylorWorks Blog

Your Router Can Host Some Pretty Nasty Malware


Hundreds of millions of people use wireless Internet connections every day, and hackers are taking that as a challenge. They are now starting to develop malware that targets people through their routers. Recently, security researchers at Kaspersky Lab discovered malware named Slingshot. The code is designed to spy on PCs through a multi-layer attack that targets MikroTik routers. Today we take a look at Slingshot and other router-based malware, and at what you can do about it.

Slingshot works by replacing a library file with a malicious version that downloads more malicious components and then eventually launches a two-front attack on the computers connected to it. The first one runs low-level kernel code that gives an intruder free rein of a system, while the other focuses on the user level and includes code to manage the file system and keep the malware alive.

It is a very intricate attack that calls the nefarious code in from an encrypted virtual file system and manages to do so without crashing the host system. That feat was not lost on the security experts at Kaspersky Lab, who deemed it a state-sponsored attack because of the quality of the overall attack and the complexity of its components. Reports suggest that the malware can steal basically whatever it wants, including keystrokes, passwords, screenshots, and information about network usage and traffic.

MikroTik has announced that they have patched the vulnerability on versions of their routing firmware, but concerns remain, as no one is sure whether other router manufacturers have been affected. If they have, Slingshot could be a much larger problem than is currently believed.

Other Instances
Slingshot isn’t the first instance of a router turning on its owner. Traditionally, router security is known to be largely unreliable. Much of this is on the manufacturers, which have been known to build many different products without having a strategy in place to keep them supplied with up-to-date security. It is also up to the user to keep their router’s firmware up to date, something that is very easy to lose track of. Plus, some routers make firmware updates time-consuming and difficult.

To attack the network, hackers seek to change the DNS server setting on your router. When you try to connect to a secure website, the malicious DNS server tells you to go to an elaborately constructed phishing site instead. Because the attacker spoofs the domain and reroutes you to a website that is specifically constructed to take advantage of you, you have very little chance of warding off the attack before it’s too late.

Hackers have also been known to inject all types of user hindrances, such as attempting drive-by downloads or inundating users with advertisements. Many attacks make use of cross-site request forgery, where a malicious actor creates a rogue piece of JavaScript that repeatedly tries to load the router’s web-admin page and change the router’s settings.

What to Do If This Happens to You
The first thing you should do is work to ascertain if your router has been compromised. You can do this in several ways, but the most telling is that your DNS server has been changed. You’ll have to access your router's web-based setup page. Once in, you have to visit the Internet connection screen. If your DNS setting is set to automatic, you are in the clear. If it’s set to “manual”, however, there will be custom DNS servers entered in the space. Many times, this is the first sign of a problem.

If you have been compromised, ensuring your router is set up to your manufacturer’s specifications will help you mitigate damage. To guard against this happening to you, you should always:

  • Install firmware updates: Making sure your router’s firmware is updated to the latest version will definitely help.
  • Disable remote access: Stop remote access to secure against anyone changing settings on your networking equipment.
  • Turn off UPnP: Universal Plug and Play can be very convenient, but your router could be affected through UPnP if there is any malware on the network, since UPnP is designed to universally trust all requests.
  • Change credentials: Changing your passwords is a simple way of keeping unwanted entities out of your router.

For more information about network and cybersecurity, the expert technicians at TaylorWorks are accessible and ready to help you keep your network and infrastructure secure. For help, call us at 407-478-6600.

Tuesday, August 21 2018