Network Solutions Unlimited Blog

Has Malware Made a Home in Your Router?

Hackers and cybercriminals, like most people, tend to gravitate towards high-reward activities. In this case, that means their focus is turning to creating malware that attacks the router, potentially infecting the users that rely on it to connect wirelessly to the Internet. Researchers at Kaspersky Lab recently discovered an example of such malware, so today, we will review this threat and how to best protect your network.

This threat, codenamed Slingshot, targets MikroTik routers and utilizes a multi-layer attack to spy on the PCs connected to the router. By replacing a library file with a malicious alternative that subsequently downloads other pieces of the malware, Slingshot is able to bypass security solutions unscathed. It then launches a two-pronged attack: one prong leverages low-level kernel code to give an intruder carte blanche access to a system, and the second manages the file system and preserves the malware, allowing it to continue.

If this sounds impressive, it is: not only does this attack access additional code from an encrypted virtual file system, it does so without crashing its host. This quality and complexity led the security experts at Kaspersky Lab to conclude that this attack was state-sponsored. Based on reports, this malware can collect just about any data that it wants to from its target, from keystrokes to passwords to screenshots to network traffic.

According to MikroTik, their routing firmware has received a patch for this vulnerability, but it is still unknown if routers from other manufacturers are affected. If they are, Slingshot could suddenly become a much larger issue than it already is.

Other Router Malware
Of course, Slingshot isn’t the only issue that affects router security. The fail-safes and security measures baked into routers have been historically unreliable. This can largely be attributed to manufacturers building numerous products with no comprehensive strategy concerning their security and keeping it up-to-date. However, this doesn’t mean that the user is off the hook, either. It is up to them to actually update the router’s firmware, not something that is necessarily their first, second, or even twenty-third thought. Furthermore, the updating process can often be challenging, as well as time-consuming.

Hackers will often change the DNS server setting on a router in order to attack a network. Rather than directing you to the secure website you are trying to navigate to, the altered DNS will instead send you to a phishing site. Since these sites are often convincingly created and designed to fool their targets, you may not realize you are being victimized until it has already happened.

In addition to attacks like these, hackers will also often use methods like barraging their targets with ads or infiltrating them via drive-by download. Some attacks leverage cross-site request forgery, where a hacker will develop a rogue piece of JavaScript that will attempt to load a router’s web-admin page to alter the router’s settings.

How to Mitigate Damage to You
If you suspect that you are the target of a router-based attack, your first step should be to confirm that something is wrong. While there are assorted ways to accomplish this, the most effective is to check if your DNS server has been changed. To check, you’ll need to access your router’s web-based setup page, and from there, the Internet connection screen. If your DNS setting is “automatic,” you should be okay. However, if it says “manual,” with custom DNS servers entered, you may have a problem.

In order to mitigate damage in the case of compromise, you’ll need to make sure that your router matches the specifications set by the manufacturer. To do this, make sure you:

  • Promptly install firmware updates: Keeping your router’s firmware up-to-date will assist you in keeping your router secure.
  • Disable remote access: By disabling the capacity for your router to be accessed remotely, you prevent the chance of someone changing the settings without your knowledge.
  • Disable UPnP: While there is definitely some convenience to be had with the assistance of plug and play capabilities, UPnP could lead to your router becoming infected, as it is predisposed to trust any requests it receives.
  • Change your access credentials: A simple means of upping your security is to change your access credentials away from the router defaults.
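The DNS check and the four hardening steps above can be expressed as one audit over a snapshot of your router's settings. This is an added example, not code from the original article or from any router vendor: the field names, sample addresses and firmware versions are constructed for illustration, and you would fill the snapshot in by hand from your router's setup page.

```python
import ipaddress

# Constructed snapshot of the settings the article tells you to review.
# Field names are hypothetical, not any vendor's export format.
COMPROMISED = {
    "dns_mode": "manual",
    "dns_servers": ["203.0.113.53", "198.51.100.7"],
    "firmware": "1.2.0",
    "latest_firmware": "1.4.1",
    "remote_admin": True,
    "upnp": True,
    "default_credentials": True,
}
HARDENED = dict(COMPROMISED, dns_mode="automatic", dns_servers=[],
                firmware="1.4.1", remote_admin=False, upnp=False,
                default_credentials=False)


def version_key(text):
    """Turn '1.10.2' into (1, 10, 2) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))


def audit(cfg, approved_dns=()):
    """Return (check, detail) findings for one settings snapshot."""
    findings = []
    approved = {ipaddress.ip_address(a) for a in approved_dns}
    if cfg["dns_mode"] == "manual":
        # Manual DNS is only a problem if you did not choose those servers.
        unknown = [s for s in cfg["dns_servers"]
                   if ipaddress.ip_address(s) not in approved]
        if unknown:
            findings.append(("dns", "unapproved resolvers: " + ", ".join(unknown)))
    if version_key(cfg["firmware"]) < version_key(cfg["latest_firmware"]):
        findings.append(("firmware", cfg["firmware"] + " is older than "
                         + cfg["latest_firmware"]))
    for key, label in (("remote_admin", "remote access is enabled"),
                       ("upnp", "UPnP is enabled"),
                       ("default_credentials", "default login still in use")):
        if cfg[key]:
            findings.append((key, label))
    return findings


if __name__ == "__main__":
    for check, detail in audit(COMPROMISED, approved_dns=["198.51.100.7"]):
        print(f"[!] {check}: {detail}")
```

Pass the resolvers you deliberately configured as `approved_dns`; a manual DNS entry that is not on that list is the sign of tampering the article describes.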

If you want to know more about your cybersecurity, the professionals at Network Solutions Unlimited are here to help you keep your network and infrastructure safe. Call us at 217-428-6449.

Saturday, October 20 2018