window._mfq = window._mfq || []; (function() { var mf = document.createElement("script"); mf.type = "text/javascript"; mf.async = true; mf.src = "//"; document.getElementsByTagName("head")[0].appendChild(mf); })();
407-478-6600    Get SUPPORT

TaylorWorks Blog

Your Router Can Host Some Pretty Nasty Malware

Your Router Can Host Some Pretty Nasty Malware

Hundreds of millions of people use wireless Internet connections every day, and as a result, hackers are taking that as a challenge. They are now starting to develop malware that targets people through their routers. Recently, security researchers at Kaspersky Lab have discovered the malware named Slingshot. The code is designed to spy on PCs through a multi-layer attack that targets MikroTik routers. Today we take a look at Slingshot, and other router-based malware and what you can do about it.

Slingshot works by replacing a library file with a malicious version that downloads more malicious components and then eventually launches a two-front attack on the computers connected to it. The first one runs low-level kernel code that gives an intruder free rein of a system, while the other focuses on the user level and includes code to manage the file system and keep the malware alive.

It is a very intricate attack that calls the nefarious code in from an encrypted virtual file system; managing to do so without crashing the host system, a feat not lost on the security experts at Kaspersky Lab, who deemed it a state-sponsored attack because of the quality of the overall attack and the complexity of its components. Reports suggest that the malware can basically steal whatever it wants, including keyboard strokes, passwords, screenshots, and information about network usage and traffic.

MikroTik has announced that they have patched the vulnerability on versions of their routing firmware, but concerns remain as no one is sure if other router manufacturers have been affected. If that were to come to fruition, Slingshot could be a much larger problem than is currently believed.

Other Instances
Slingshot isn’t the first instance of a router turning on its owner. Traditionally, router security is known to be largely unreliable. Much of this is on the manufacturers, which have been known to build many different products without having a strategy in place to keep them working with up-to-date security. It is also up to the user to keep their router’s firmware up-to-date - something that is very easy to not keep top-of-mind. Plus, some routers make firmware updates time-consuming and difficult.

To attack the network, hackers seek to change the DNS server setting on your router. When you try to connect to a secure website, the malicious DNS server tells you to go to an elaborately constructed phishing site instead. By spoofing the domain and rerouting you to a website that is specifically constructed to take advantage of you, you have very little chance of warding off the attack before it’s too late.

Hackers have also been known to inject all types of user hindrances such trying to perform drive-by downloads, or inundating users with advertisements. Many attacks make use of cross-site request forgery attacks where a malicious actor creates a rogue piece of JavaScript that repeatedly tries to load the router’s web-admin page and change the router’s settings.

What to Do If This Happens to You
The first thing you should do is work to ascertain if your router has been compromised. You can do this in several ways, but the most telling is that your DNS server has been changed. You’ll have to access your router's web-based setup page. Once in, you have to visit the Internet connection screen. If your DNS setting is set to automatic, you are in the clear. If it’s set to “manual”, however, there will be custom DNS servers entered in the space. Many times, this is the first sign of a problem.

If you have been compromised, ensuring your router is set up to your manufacturer’s specifications will help you mitigate damage. To ward against this happening to you, you should always:

  • Install firmware updates: Making sure your router’s firmware is updated to the latest version will definitely help.
  • Disable remote access: Stop remote access to secure against anyone changing settings on your networking equipment.
  • Turn off UPnP: Plug and play can be very convenient, but your router could be affected through UPnP if there is any malware on the network since it is designed to universally trust all requests.
  • Change credentials: Changing your passwords are a simple way of keeping unwanted entities out of your router.

For more information about network and cybersecurity, the expert technicians at TaylorWorks are accessible and ready to help you keep your network and infrastructure secure. For help, call us at 407-478-6600.

Save the Date: Microsoft Products End of Life
Know Your Tech: Cache


No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Thursday, October 18 2018
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Tag Cloud

Tip of the Week Security Technology Network Security Cloud Best Practices Managed IT Services Privacy Business Computing Hackers Data Backup Email Malware VoIP Outsourced IT Hosted Solutions Mobile Devices Data Data Recovery Tech Term Internet Microsoft Google Innovation Backup Saving Money Internet of Things Business Continuity Cloud Computing Software Hardware Ransomware IT Services Smartphones Android IT Support Efficiency BDR Communication Small Business Communications Cybersecurity User Tips Disaster Recovery Artificial Intelligence Browser Applications Cybercrime Law Enforcement Windows 10 Managed IT Business Workplace Tips Network How To Computer Router Productivity Gadgets Managed IT Services Smartphone Phishing Save Money Mobile Device Management Money Chrome Computers Two-factor Authentication BYOD Business Intelligence IT Support Data Security Avoiding Downtime Collaboration Data Protection Windows Business Management Virtualization Information Upgrade Firewall Vulnerability Social Media Spam Server Identity Theft Training Word Alert Connectivity Passwords Apps Social Engineering Telephone Systems Productivity Mobility Proactive IT IT Management Document Management Bandwidth Redundancy App Remote Monitoring Blockchain Facebook Office 365 Analysis Miscellaneous Compliance Password Windows 7 Information Technology Workers Comparison Private Cloud Settings Unsupported Software VPN Infrastructure Scam OneNote Managed Service Data Storage Wi-Fi Data Breach Servers Credit Cards Update Virtual Assistant File Sharing CES Sports Spam Blocking Encryption Machine Learning Business Owner Automation Fraud Education Bring Your Own Device Telephone System Holiday Data loss Content Management Value Operating System Mobile Computing Microsoft Office Budget Keyboard Employer-Employee Relationship Paperless Office Access Control Big Data Mobile Device Smart Tech Website Work/Life Balance Unified Threat Management IT Plan Flexibility Networking Solid State Drive Human Resources Students Patch Management Remote Work Authentication Risk Management Hard Drives Cast Software as a Service Mouse SaaS Outlook Insurance Cryptocurrency Tools eWaste Wireless Internet Cleaning Multi-Factor Security Wireless Computing Infrastructure Current Events Telephony Online Shopping Remote Worker Content Filter Staff Healthcare Virtual Reality Regulations Fiber-Optic Nanotechnology Windows 10 Government Black Market Content Filtering Audit Frequently Asked Questions Specifications Business Technology Practices Safe Mode Public Cloud webinar Root Cause Analysis Virtual Private Network Criminal Wire Computer Care Software Tips Trending Accountants HVAC Hacking Knowledge Skype Evernote Wiring Password Manager Storage Instant Messaging Cortana Digital Signature Electronic Health Records Worker Commute Proactive Cables HIPAA Emails Battery Excel Millennials Hosted Computing Augmented Reality Legal Entertainment Managed Service Provider Conferencing Meetings Botnet Project Management Samsung Physical Security Lifestyle Wireless Technology Enterprise Content Management End of Support Network Congestion Start Menu Wireless Charging GDPR Business Mangement USB Data Warehousing Downtime Flash Remote Monitoring and Maintenance Unified Communications Devices Remote Computing Charger Health Office Tips Computer Fan Tip of the week Workforce Inventory The Internet of Things PDF Travel Warranty Marketing Smart Office Hacker Technology Tips IoT Password Management Data Management Electronic Medical Records IT Consultant Mobile E-Commerce Gmail Addiction Recovery Google Docs Strategy YouTube HaaS Amazon Line of Business Theft Thought Leadership FENG Windows Server 2008 Telecommuting Google Drive Screen Mirroring Printer Windows 10s HBO NIST Leadership Professional Services Camera Recycling Users Cache Netflix Voice over Internet Protocol Save Time Sync Amazon Web Services MSP Google Apps Streaming Media Mobile Office History Rootkit Relocation Domains Content Search Employer Employee Relationship Printers Managing Stress Music Techology Politics Humor Public Speaking Audiobook Computer Accessories Presentation Internet Exlporer Two Factor Authentication Wearable Technology Lithium-ion battery Transportation User Error CrashOverride Video Games Vendor Management Books Assessment Hybrid Cloud Bluetooth 5G Automobile Twitter Tech Support How to WiFi Safety Benefits IBM Hiring/Firing Webinar Television Best Practice Troubleshooting Quick Tips Fun Internet exploMicrosoft IT solutions Competition Smart Technology Customer Relationship Management Scalability IP Address Emergency Files Public Computer Regulation Worker Shadow IT Hosted Solution Office Loyalty Advertising Company Culture Colocation Customer Service Experience

Mobile? Grab this Article!

QR-Code dieser Seite