
TaylorWorks Blog

Your Router Can Host Some Pretty Nasty Malware

Hundreds of millions of people use wireless Internet connections every day, and hackers have taken that as a challenge. They are now developing malware that targets people through their routers. Recently, security researchers at Kaspersky Lab discovered malware named Slingshot. The code is designed to spy on PCs through a multi-layer attack that targets MikroTik routers. Today we take a look at Slingshot and other router-based malware, and at what you can do about it.

Slingshot works by replacing a library file with a malicious version that downloads more malicious components and then eventually launches a two-front attack on the computers connected to it. The first one runs low-level kernel code that gives an intruder free rein of a system, while the other focuses on the user level and includes code to manage the file system and keep the malware alive.

It is a very intricate attack that calls the nefarious code in from an encrypted virtual file system, and it manages to do so without crashing the host system. That feat was not lost on the security experts at Kaspersky Lab, who deemed it a state-sponsored attack because of the quality of the overall attack and the complexity of its components. Reports suggest that the malware can steal basically whatever it wants, including keystrokes, passwords, screenshots, and information about network usage and traffic.

MikroTik has announced that they have patched the vulnerability on versions of their routing firmware, but concerns remain as no one is sure if other router manufacturers have been affected. If that were to come to fruition, Slingshot could be a much larger problem than is currently believed.

Other Instances
Slingshot isn’t the first instance of a router turning on its owner. Traditionally, router security is known to be largely unreliable. Much of this is on the manufacturers, which have been known to build many different products without having a strategy in place to keep them working with up-to-date security. It is also up to the user to keep their router’s firmware up to date, something that is very easy to lose track of. Plus, some routers make firmware updates time-consuming and difficult.

To attack the network, hackers seek to change the DNS server setting on your router. When you try to connect to a secure website, the malicious DNS server tells you to go to an elaborately constructed phishing site instead. Because the attacker spoofs the domain and reroutes you to a website that is specifically constructed to take advantage of you, you have very little chance of warding off the attack before it’s too late.

Hackers have also been known to inject all types of user hindrances, such as trying to perform drive-by downloads or inundating users with advertisements. Many attacks make use of cross-site request forgery, where a malicious actor creates a rogue piece of JavaScript that repeatedly tries to load the router’s web-admin page and change the router’s settings.

What to Do If This Happens to You
The first thing you should do is work to ascertain if your router has been compromised. You can do this in several ways, but the most telling sign is that your DNS server has been changed. You’ll have to access your router's web-based setup page. Once in, you have to visit the Internet connection screen. If your DNS setting is set to automatic, you are in the clear. If it’s set to “manual”, however, there will be custom DNS servers entered in the space. Many times, this is the first sign of a problem.
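The same check can also be made from a connected computer. The following is an added example, not part of the original article: it classifies the DNS servers a client has been handed (in resolv.conf format) and flags any public resolver that is not on a list you trust. The sample file, the addresses, and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: resolver list as a DHCP client might write it.
SAMPLE_RESOLV_CONF = """\
# written by DHCP client (constructed sample)
nameserver 192.168.88.1
nameserver 203.0.113.53
nameserver fe80::1%eth0
nameserver not-an-ip
"""

# Ranges that can only be reached on the local network (router, loopback).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "fc00::/7", "fe80::/10", "::1/128")]

def parse_nameservers(text):
    """Yield (raw, ip_or_None) for every 'nameserver' line."""
    for line in text.splitlines():
        parts = line.strip().split()
        if len(parts) < 2 or parts[0] != "nameserver":
            continue  # comments, 'search', 'options', blank lines
        raw = parts[1]
        try:
            # Drop an IPv6 zone id such as %eth0 before parsing.
            ip = ipaddress.ip_address(raw.split("%", 1)[0])
        except ValueError:
            ip = None
        yield raw, ip

def audit_resolvers(text, trusted):
    """Label each resolver: trusted, local, unexpected or invalid."""
    trusted_ips = {ipaddress.ip_address(t) for t in trusted}
    findings = []
    for raw, ip in parse_nameservers(text):
        if ip is None:
            label = "invalid"
        elif ip in trusted_ips:
            label = "trusted"
        elif any(ip in net for net in LOCAL_NETS):
            label = "local"       # usually the router itself
        else:
            label = "unexpected"  # public resolver nobody approved
        findings.append((raw, label))
    return findings

if __name__ == "__main__":
    for raw, label in audit_resolvers(SAMPLE_RESOLV_CONF, trusted=["9.9.9.9"]):
        print(f"{raw:20} {label}")
```

A "local" result only means the computer asks the router for DNS; the router's own upstream DNS setting still has to be checked on its setup page as described above.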

If you have been compromised, ensuring your router is set up to your manufacturer’s specifications will help you mitigate damage. To guard against this happening to you, you should always:

  • Install firmware updates: Making sure your router’s firmware is updated to the latest version will definitely help.
  • Disable remote access: Stop remote access to secure against anyone changing settings on your networking equipment.
  • Turn off UPnP: Plug and play can be very convenient, but your router could be affected through UPnP if there is any malware on the network since it is designed to universally trust all requests.
  • Change credentials: Changing your passwords is a simple way of keeping unwanted entities out of your router.

For more information about network and cybersecurity, the expert technicians at TaylorWorks are accessible and ready to help you keep your network and infrastructure secure. For help, call us at 407-478-6600.

Wednesday, January 16 2019