(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','https://www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-78946278-1', 'auto'); ga('send', 'pageview');
407-478-6600    Get SUPPORT

TaylorWorks Blog

TaylorWorks has been serving the Longwood area since 1999, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Your Router Can Host Some Pretty Nasty Malware

Your Router Can Host Some Pretty Nasty Malware

Hundreds of millions of people use wireless Internet connections every day, and as a result, hackers are taking that as a challenge. They are now starting to develop malware that targets people through their routers. Recently, security researchers at Kaspersky Lab have discovered the malware named Slingshot. The code is designed to spy on PCs through a multi-layer attack that targets MikroTik routers. Today we take a look at Slingshot, and other router-based malware and what you can do about it.

Slingshot
Slingshot works by replacing a library file with a malicious version that downloads more malicious components and then eventually launches a two-front attack on the computers connected to it. The first one runs low-level kernel code that gives an intruder free rein of a system, while the other focuses on the user level and includes code to manage the file system and keep the malware alive.

It is a very intricate attack that calls the nefarious code in from an encrypted virtual file system; managing to do so without crashing the host system, a feat not lost on the security experts at Kaspersky Lab, who deemed it a state-sponsored attack because of the quality of the overall attack and the complexity of its components. Reports suggest that the malware can basically steal whatever it wants, including keyboard strokes, passwords, screenshots, and information about network usage and traffic.

MikroTik has announced that they have patched the vulnerability on versions of their routing firmware, but concerns remain as no one is sure if other router manufacturers have been affected. If that were to come to fruition, Slingshot could be a much larger problem than is currently believed.

Other Instances
Slingshot isn’t the first instance of a router turning on its owner. Traditionally, router security is known to be largely unreliable. Much of this is on the manufacturers, which have been known to build many different products without having a strategy in place to keep them working with up-to-date security. It is also up to the user to keep their router’s firmware up-to-date - something that is very easy to not keep top-of-mind. Plus, some routers make firmware updates time-consuming and difficult.

To attack the network, hackers seek to change the DNS server setting on your router. When you try to connect to a secure website, the malicious DNS server tells you to go to an elaborately constructed phishing site instead. By spoofing the domain and rerouting you to a website that is specifically constructed to take advantage of you, you have very little chance of warding off the attack before it’s too late.

Hackers have also been known to inject all types of user hindrances such trying to perform drive-by downloads, or inundating users with advertisements. Many attacks make use of cross-site request forgery attacks where a malicious actor creates a rogue piece of JavaScript that repeatedly tries to load the router’s web-admin page and change the router’s settings.

What to Do If This Happens to You
The first thing you should do is work to ascertain if your router has been compromised. You can do this in several ways, but the most telling is that your DNS server has been changed. You’ll have to access your router's web-based setup page. Once in, you have to visit the Internet connection screen. If your DNS setting is set to automatic, you are in the clear. If it’s set to “manual”, however, there will be custom DNS servers entered in the space. Many times, this is the first sign of a problem.

If you have been compromised, ensuring your router is set up to your manufacturer’s specifications will help you mitigate damage. To ward against this happening to you, you should always:

  • Install firmware updates: Making sure your router’s firmware is updated to the latest version will definitely help.
  • Disable remote access: Stop remote access to secure against anyone changing settings on your networking equipment.
  • Turn off UPnP: Plug and play can be very convenient, but your router could be affected through UPnP if there is any malware on the network since it is designed to universally trust all requests.
  • Change credentials: Changing your passwords are a simple way of keeping unwanted entities out of your router.

For more information about network and cybersecurity, the expert technicians at TaylorWorks are accessible and ready to help you keep your network and infrastructure secure. For help, call us at 407-478-6600.

Save the Date: Microsoft Products End of Life
Know Your Tech: Cache
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Monday, June 25 2018
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Newsletter Sign Up

  • Company Name *
  • First Name *
  • Last Name *

      Tag Cloud

      Tip of the Week Security Cloud Technology Best Practices Managed IT Services Network Security Privacy Business Computing Hackers Data Backup Malware Email VoIP Microsoft Backup Outsourced IT Hosted Solutions Google Software Data Recovery Cloud Computing Saving Money Mobile Devices Internet of Things Business Continuity Android Internet IT Support Data Small Business Cybercrime Cybersecurity Disaster Recovery Ransomware Efficiency Tech Term Router Law Enforcement Communications Communication IT Services BDR Smartphones Hardware Managed IT How To Innovation User Tips Business Managed IT Services Avoiding Downtime Data Security Money Data Protection Productivity Collaboration BYOD Mobile Device Management Artificial Intelligence Two-factor Authentication Computers Business Management Business Intelligence Phishing Chrome Browser Smartphone Virtualization Bandwidth Identity Theft Computer Word Vulnerability App Compliance Redundancy Office 365 Remote Monitoring Document Management Alert Spam Telephone Systems Proactive IT Social Engineering Windows 10 Apps Gadgets Connectivity Mobility Network Windows IT Support Windows 7 Value Operating System Server Unsupported Software Smart Tech Content Management Wi-Fi Networking Passwords Credit Cards Workers Servers Solid State Drive Data loss Firewall Infrastructure Business Owner Private Cloud Holiday Website Mobile Device Comparison Data Storage Bring Your Own Device Save Money Update Analysis Facebook OneNote Flexibility Budget VPN Information Technology Big Data Education Employer-Employee Relationship Data Breach IT Management Upgrade Applications Spam Blocking IT Plan Social Media CES Work/Life Balance Thought Leadership Remote Work Wireless Windows 10 USB Paperless Office Unified Communications Tools Root Cause Analysis Multi-Factor Security End of Support Streaming Media Workplace Tips Regulations Health Students Theft Virtual Reality Windows 10s Office Tips Meetings Trending Cortana Software Tips Insurance Blockchain Wireless Technology Content Filter Managed Service Provider SaaS Healthcare Google Apps Worker Commute Botnet Lifestyle Legal Current Events Physical Security Hacker Marketing Practices Human Resources Entertainment Storage Fraud Flash Microsoft Office Training Electronic Health Records Audit Travel Password Mobile Computing Technology Tips Knowledge Hosted Computing Staff Amazon Recovery Emails Screen Mirroring Content Filtering Machine Learning Password Manager Network Congestion HBO Public Cloud Inventory Digital Signature Addiction Amazon Web Services Sync Charger Hard Drives Cast YouTube Business Mangement Save Time Computer Fan Software as a Service IT Consultant Outlook Electronic Medical Records Access Control Encryption Risk Management Cache Online Shopping Telephony Gmail FENG Government Strategy Specifications Leadership Frequently Asked Questions PDF Authentication Keyboard Wireless Internet Evernote Black Market Netflix Skype Unified Threat Management HaaS Recycling Hacking Nanotechnology HIPAA Millennials Excel Google Drive The Internet of Things Wire Wireless Charging Battery Settings Start Menu Productivity Cleaning Data Warehousing Patch Management HVAC eWaste Workforce Remote Computing webinar Tip of the week Computer Care Sports Fiber-Optic Mobile Google Docs Computing Infrastructure Scam Users Criminal Data Management Devices Accountants Telecommuting Conferencing Windows Server 2008 Samsung Smart Office Cables Professional Services Downtime Voice over Internet Protocol Automation IoT Search Benefits NIST Content Worker Presentation Loyalty Troubleshooting Internet exploMicrosoft Smart Technology Audiobook Instant Messaging 5G Rootkit Files IBM Hosted Solution Advertising How to History Customer Relationship Management Best Practice IP Address Two Factor Authentication Twitter Vendor Management Assessment Customer Service Techology Office Mobile Office Domains Shadow IT Webinar Television User Error Books Relocation Hybrid Cloud Public Speaking IT solutions Public Computer Company Culture Politics Humor Lithium-ion battery Quick Tips Augmented Reality Tech Support Emergency Managing Stress Video Games Safety Employer Employee Relationship Experience WiFi Hiring/Firing Colocation Automobile Computer Accessories Competition Music Fun CrashOverride Enterprise Content Management Scalability Miscellaneous Bluetooth Wearable Technology Internet Exlporer Transportation Password Management

      Mobile? Grab this Article!

      QR-Code dieser Seite