
TaylorWorks Blog

Your Router Can Host Some Pretty Nasty Malware


Hundreds of millions of people use wireless Internet connections every day, and hackers are taking that as a challenge. They are now developing malware that targets people through their routers. Recently, security researchers at Kaspersky Lab discovered malware named Slingshot. The code is designed to spy on PCs through a multi-layer attack that targets MikroTik routers. Today we take a look at Slingshot and other router-based malware, and at what you can do about it.

Slingshot works by replacing a library file with a malicious version that downloads more malicious components and eventually launches a two-front attack on the computers connected to the router. The first front runs low-level kernel code that gives an intruder free rein over a system, while the other focuses on the user level and includes code to manage the file system and keep the malware alive.

It is a very intricate attack that loads the nefarious code from an encrypted virtual file system and manages to do so without crashing the host system. That feat was not lost on the security experts at Kaspersky Lab, who deemed it a state-sponsored attack because of the quality of the overall attack and the complexity of its components. Reports suggest that the malware can steal basically whatever it wants, including keystrokes, passwords, screenshots, and information about network usage and traffic.

MikroTik has announced that it has patched the vulnerability in versions of its routing firmware, but concerns remain because no one is sure whether other router manufacturers have been affected. If they have, Slingshot could be a much larger problem than is currently believed.

Other Instances
Slingshot isn’t the first instance of a router turning on its owner. Traditionally, router security is known to be largely unreliable. Much of this is on the manufacturers, which have been known to build many different products without a strategy in place to keep them supplied with up-to-date security. It is also up to the user to keep their router’s firmware up to date, something that easily slips out of mind. Plus, some routers make firmware updates time-consuming and difficult.

To attack the network, hackers seek to change the DNS server setting on your router. When you try to connect to a secure website, the malicious DNS server tells you to go to an elaborately constructed phishing site instead. Because the attacker spoofs the domain and reroutes you to a website built specifically to take advantage of you, you have very little chance of warding off the attack before it’s too late.

Hackers have also been known to inject all types of user hindrances, such as attempting drive-by downloads or inundating users with advertisements. Many attacks make use of cross-site request forgery, where a malicious actor creates a rogue piece of JavaScript that repeatedly tries to load the router’s web-admin page and change the router’s settings.

What to Do If This Happens to You
The first thing you should do is work to ascertain whether your router has been compromised. You can do this in several ways, but the most telling sign is that your DNS server has been changed. To check, access your router's web-based setup page and open the Internet connection screen. If your DNS setting is set to automatic, you are in the clear. If it’s set to “manual”, however, there will be custom DNS servers entered in the space. Many times, this is the first sign of a problem.
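A client-side complement to the router check described above, as an added example that is not part of the original post: it reads the DNS servers a machine is actually using (resolv.conf format) and flags any that are neither on the local network nor on a list you expect. The sample file contents and the address in `EXPECTED` are constructed placeholders.

```python
import ipaddress

# Ranges treated as "on the local network": the router or a local stub resolver.
# Listed explicitly because ipaddress.is_private also matches documentation ranges.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

def parse_nameservers(resolv_text):
    """Return the nameserver addresses from resolv.conf-style text."""
    servers = []
    for line in resolv_text.splitlines():
        parts = line.strip().split()
        if len(parts) < 2 or parts[0] != "nameserver":
            continue  # comments (# or ;), options, search lines
        addr = parts[1].split("%", 1)[0]  # drop an IPv6 zone id such as %eth0
        try:
            servers.append(ipaddress.ip_address(addr))
        except ValueError:
            continue  # malformed entry
    return servers

def audit_dns(resolv_text, expected):
    """Map each configured resolver to 'expected', 'local' or 'unexpected'."""
    allowed = {ipaddress.ip_address(a) for a in expected}
    report = {}
    for ip in parse_nameservers(resolv_text):
        if ip in allowed:
            report[str(ip)] = "expected"
        elif any(ip in net for net in LOCAL_NETS):
            # The router answers DNS itself; its upstream servers are only
            # visible on the router's own Internet connection screen.
            report[str(ip)] = "local"
        else:
            report[str(ip)] = "unexpected"
    return report

# Constructed sample: contents of a resolv.conf and the ISP resolver we expect.
SAMPLE = """\
# constructed sample
nameserver 192.168.1.1
nameserver 203.0.113.53
nameserver 198.51.100.7
"""
EXPECTED = ["198.51.100.7"]

if __name__ == "__main__":
    for server, verdict in audit_dns(SAMPLE, EXPECTED).items():
        print(f"{server:15} {verdict}")
```

An "unexpected" verdict is a prompt to inspect the router, not proof of compromise: a public resolver you configured on purpose lands there too until it is added to `EXPECTED`.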

If you have been compromised, ensuring your router is set up to your manufacturer’s specifications will help you mitigate damage. To guard against this happening to you, you should always:

  • Install firmware updates: Making sure your router’s firmware is updated to the latest version will definitely help.
  • Disable remote access: Stop remote access to secure against anyone changing settings on your networking equipment.
  • Turn off UPnP: Universal Plug and Play can be very convenient, but if there is any malware on the network, your router could be affected through UPnP, since it is designed to universally trust all requests.
  • Change credentials: Changing your passwords is a simple way of keeping unwanted entities out of your router.

For more information about network and cybersecurity, the expert technicians at TaylorWorks are accessible and ready to help you keep your network and infrastructure secure. For help, call us at 407-478-6600.

Friday, May 24 2019