Aniar IT Services Blog

Your Router Can Host Some Pretty Nasty Malware

Hundreds of millions of people use wireless Internet connections every day, and hackers have taken that as a challenge. They are now developing malware that targets people through their routers. Security researchers at Kaspersky Lab recently discovered malware named Slingshot. The code is designed to spy on PCs through a multi-layer attack that targets MikroTik routers. Today we take a look at Slingshot and other router-based malware, and what you can do about it.

Slingshot
Slingshot works by replacing a library file with a malicious version that downloads more malicious components and then eventually launches a two-front attack on the computers connected to it. The first one runs low-level kernel code that gives an intruder free rein of a system, while the other focuses on the user level and includes code to manage the file system and keep the malware alive.

It is a very intricate attack that calls the nefarious code in from an encrypted virtual file system and manages to do so without crashing the host system. That feat was not lost on the security experts at Kaspersky Lab, who deemed it a state-sponsored attack because of the quality of the overall attack and the complexity of its components. Reports suggest that the malware can steal basically whatever it wants, including keystrokes, passwords, screenshots, and information about network usage and traffic.

MikroTik has announced that they have patched the vulnerability on versions of their routing firmware, but concerns remain as no one is sure if other router manufacturers have been affected. If that were to come to fruition, Slingshot could be a much larger problem than is currently believed.

Other Instances
Slingshot isn’t the first instance of a router turning on its owner. Traditionally, router security is known to be largely unreliable. Much of this is on the manufacturers, which have been known to build many different products without having a strategy in place to keep them working with up-to-date security. It is also up to the user to keep their router’s firmware up-to-date - something that is very easy to not keep top-of-mind. Plus, some routers make firmware updates time-consuming and difficult.

To attack the network, hackers seek to change the DNS server setting on your router. When you try to connect to a secure website, the malicious DNS server tells you to go to an elaborately constructed phishing site instead. Because the attacker spoofs the domain and reroutes you to a website that is specifically constructed to take advantage of you, you have very little chance of warding off the attack before it’s too late.

Hackers have also been known to inject all types of user hindrances, such as attempting drive-by downloads or inundating users with advertisements. Many attacks make use of cross-site request forgery, where a malicious actor creates a rogue piece of JavaScript that repeatedly tries to load the router’s web-admin page and change the router’s settings.

What to Do If This Happens to You
The first thing you should do is work to ascertain if your router has been compromised. You can do this in several ways, but the most telling is that your DNS server has been changed. You’ll have to access your router's web-based setup page. Once in, you have to visit the Internet connection screen. If your DNS setting is set to automatic, you are in the clear. If it’s set to “manual”, however, there will be custom DNS servers entered in the space. Many times, this is the first sign of a problem.
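A client-side complement to the check above, as an added example that is not part of the original article: this Python code reads a resolv.conf-style resolver list (what a computer receives from the router over DHCP) and flags any DNS server that is neither on the local network nor in a list you expect. The EXPECTED_RESOLVERS values and the sample text are constructed placeholders taken from documentation address ranges.

```python
import ipaddress

# Assumption: the resolvers you expect (your ISP's or a service you chose).
# Constructed placeholders from documentation ranges, not real servers.
EXPECTED_RESOLVERS = {"192.0.2.53", "2001:db8::53"}

# Ranges that mean "the router or this machine is acting as DNS forwarder".
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

def parse_nameservers(text):
    """Return nameserver addresses from resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        parts = line.strip().split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1].split("%", 1)[0])  # drop IPv6 zone id
    return servers

def audit_resolvers(text, expected=EXPECTED_RESOLVERS):
    """Label each configured resolver local, expected, unexpected or invalid."""
    wanted = {ipaddress.ip_address(e) for e in expected}
    findings = []
    for server in parse_nameservers(text):
        try:
            addr = ipaddress.ip_address(server)
        except ValueError:
            findings.append((server, "invalid"))
            continue
        if addr in wanted:
            verdict = "expected"
        elif any(addr.version == n.version and addr in n for n in LOCAL_NETS):
            verdict = "local"
        else:
            verdict = "unexpected"  # compare against the router's DNS page
        findings.append((str(addr), verdict))
    return findings

# Constructed sample of what a client might have received over DHCP.
SAMPLE = """# constructed example
nameserver 192.168.1.1
nameserver 192.0.2.53
nameserver 198.51.100.7
"""

if __name__ == "__main__":
    for server, verdict in audit_resolvers(SAMPLE):
        print(f"{server:15} {verdict}")
```

A "local" result only shows that the router is forwarding DNS requests; the router's own upstream DNS setting still has to be checked on its setup page as described above.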

If you have been compromised, ensuring your router is set up to your manufacturer’s specifications will help you mitigate damage. To ward against this happening to you, you should always:

  • Install firmware updates: Making sure your router’s firmware is updated to the latest version will definitely help.
  • Disable remote access: Stop remote access to secure against anyone changing settings on your networking equipment.
  • Turn off UPnP: Plug and play can be very convenient, but your router could be affected through UPnP if there is any malware on the network since it is designed to universally trust all requests.
  • Change credentials: Changing your passwords is a simple way of keeping unwanted entities out of your router.

For more information about network and cybersecurity, the expert technicians at Aniar IT Services are accessible and ready to help you keep your network and infrastructure secure. For help, call us at 094 90 48200.
