Network Solutions Unlimited Blog

Has Malware Made a Home in Your Router?

Hackers and cybercriminals, like most people, tend to gravitate towards high-reward activities. In this case, that means their focus is turning to malware that attacks the router, potentially infecting the users who rely on it to connect wirelessly to the Internet. Researchers at Kaspersky Lab recently discovered an example of such malware, so today we will review this threat and how best to protect your network.

This threat, codenamed Slingshot, targets MikroTik routers and utilizes a multi-layer attack to spy on the PCs connected to the router. By replacing a library file with a malicious alternative that subsequently downloads other pieces of the malware, Slingshot is able to bypass security solutions unscathed. It then launches a two-pronged attack: one prong leverages low-level kernel code to give an intruder carte blanche access to a system, while the second manages the file system and preserves the malware, allowing it to continue.

If this sounds impressive, it is - not only does this attack access additional code from an encrypted virtual file system, it does so without crashing its host. This quality and complexity led the security experts at Kaspersky Lab to conclude that this attack was state-sponsored. Based on reports, this malware can collect just about any data that it wants to from its target, from keystrokes to passwords to screenshots to network traffic.

According to MikroTik, their routing firmware has received a patch for this vulnerability, but it is still unknown if routers from other manufacturers are affected. If they are, Slingshot could suddenly become a much larger issue than it already is.

Other Router Malware
Of course, Slingshot isn’t the only issue that affects router security. The fail-safes and security measures baked into routers have been historically unreliable. This can largely be attributed to manufacturers building numerous products with no comprehensive strategy for securing them and keeping them up-to-date. However, this doesn’t mean that the user is off the hook, either. It is up to them to actually update the router’s firmware, which is not necessarily their first, second, or even twenty-third thought. Furthermore, the updating process can often be challenging, as well as time-consuming.

Hackers will often change the DNS server setting on a router in order to attack a network. Rather than directing you to the secure website you are trying to navigate to, the altered DNS will instead send you to a phishing site. Since these sites are often convincingly created and designed to fool their targets, you may not realize you are being victimized until it has already happened.

In addition to attacks like these, hackers will also often use methods like barraging their targets with ads or infiltrating them via drive-by download. Some attacks leverage cross-site request forgery, where a hacker will develop a rogue piece of JavaScript that will attempt to load a router’s web-admin page to alter the router’s settings.

How to Mitigate Damage to You
If you suspect that you are the target of a router-based attack, your first step should be to confirm that something is wrong. While there are assorted ways to accomplish this, the most effective is to check if your DNS server has been changed. To check, you’ll need to access your router’s web-based setup page, and from there, the Internet connection screen. If your DNS setting is ‘automatic,’ you should be okay. However, if it says “manual,” with custom DNS servers entered, you may have a problem.
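A client-side companion to the router check above, as an added example that is not part of the original post: it reads the resolvers a PC was actually handed (resolv.conf-style text) and flags any that are neither the router itself nor on a list you expect. The function names, the `EXPECTED_UPSTREAM` allowlist and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Assumption: the upstream resolvers you expect (your ISP's or a public
# resolver you chose). Replace with your own values.
EXPECTED_UPSTREAM = {"1.1.1.1", "8.8.8.8", "9.9.9.9"}

# Constructed sample input: the router's LAN address, an unfamiliar
# resolver (documentation range) and a malformed entry.
SAMPLE = """# constructed sample
nameserver 192.168.88.1
nameserver 203.0.113.53
nameserver not-an-ip
"""

def parse_nameservers(resolv_text):
    """Return nameserver entries from resolv.conf-style text, in order."""
    servers = []
    for raw in resolv_text.splitlines():
        parts = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1].split("%", 1)[0])  # strip IPv6 zone id
    return servers

def audit_resolvers(resolv_text, gateway, expected=EXPECTED_UPSTREAM):
    """Label each resolver 'gateway', 'expected', 'unexpected' or 'invalid'."""
    gw = ipaddress.ip_address(gateway)
    allowed = {ipaddress.ip_address(a) for a in expected}
    findings = []
    for entry in parse_nameservers(resolv_text):
        try:
            addr = ipaddress.ip_address(entry)
        except ValueError:
            findings.append((entry, "invalid"))
            continue
        if addr == gw:
            verdict = "gateway"      # router proxies DNS for the LAN
        elif addr in allowed:
            verdict = "expected"
        else:
            verdict = "unexpected"   # investigate: possible altered DNS
        findings.append((entry, verdict))
    return findings

if __name__ == "__main__":
    for entry, verdict in audit_resolvers(SAMPLE, "192.168.88.1"):
        print(f"{entry:15} {verdict}")
```

A "gateway" verdict only means the PC asks the router; which upstream servers the router itself uses still has to be checked on its setup page as described above.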

In order to mitigate damage in the case of compromise, you’ll need to make sure that your router matches the specifications set by the manufacturer. To do this, make sure you:

  • Promptly install firmware updates: Keeping your router’s firmware up-to-date will assist you in keeping your router secure.
  • Disable remote access: By disabling the capacity for your router to be accessed remotely, you prevent the chance of someone changing the settings without your knowledge.
  • Disable UPnP: While there is definitely some convenience to be had with the assistance of plug and play capabilities, UPnP could lead to your router becoming infected, as it is predisposed to trust any requests it receives.
  • Change your access credentials: A simple means of upping your security is to change your access credentials away from the router defaults.

If you want to know more about your cybersecurity, the professionals at Network Solutions Unlimited are here to help you keep your network and infrastructure safe. Call us at 217-428-6449.

Wednesday, August 22 2018
