
Network Solutions Unlimited Blog

Has Malware Made a Home in Your Router?


Hackers and cybercriminals, like most people, tend to gravitate towards high-reward activities. In this case, that means their focus is turning to malware that attacks the router, potentially infecting the users who rely on it to connect wirelessly to the Internet. Researchers at Kaspersky Lab recently discovered an example of such malware, so today, we will review this threat and how to best protect your network.

This threat, codenamed Slingshot, targets MikroTik routers and utilizes a multi-layer attack to spy on the PCs connected to the router. By replacing a library file with a malicious alternative that subsequently downloads other pieces of the malware, Slingshot is able to bypass security solutions unscathed. It then launches a two-pronged attack, one leveraging low-level kernel code to give an intruder carte blanche access to a system, the second managing the file system and preserving the malware - allowing it to continue.

If this sounds impressive, it is - not only does this attack access additional code from an encrypted virtual file system, it does so without crashing its host. This quality and complexity led the security experts at Kaspersky Lab to conclude that this attack was state-sponsored. Based on reports, this malware can collect just about any data that it wants to from its target, from keystrokes to passwords to screenshots to network traffic.

According to MikroTik, their routing firmware has received a patch for this vulnerability, but it is still unknown if routers from other manufacturers are affected. If they are, Slingshot could suddenly become a much larger issue than it already is.

Other Router Malware
Of course, Slingshot isn’t the only issue that affects router security. The fail-safes and security measures baked into routers have been historically unreliable. This can largely be attributed to manufacturers building numerous products with no comprehensive strategy concerning their security and keeping it up-to-date. However, this doesn’t mean that the user is off the hook, either. It is up to them to actually update the router’s firmware, not something that is necessarily their first, second, or even twenty-third thought. Furthermore, the updating process can often be challenging, as well as time-consuming.

Hackers will often change the DNS server setting on a router in order to attack a network. Rather than directing you to the secure website you are trying to navigate to, the altered DNS will instead send you to a phishing site. Since these sites are often convincingly created and designed to fool their targets, you may not realize you are being victimized until it has already happened.

In addition to attacks like these, hackers will also often use methods like barraging their targets with ads or infiltrating them via drive-by download. Some attacks leverage cross-site request forgery, where a hacker will develop a rogue piece of JavaScript that will attempt to load a router’s web-admin page to alter the router’s settings.

How to Mitigate Damage to You
If you suspect that you are the target of a router-based attack, your first step should be to confirm that something is wrong. While there are assorted ways to accomplish this, the most effective is to check if your DNS server has been changed. To check, you’ll need to access your router’s web-based setup page, and from there, the Internet connection screen. If your DNS setting is “automatic,” you should be okay. However, if it says “manual,” with custom DNS servers entered, you may have a problem.
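The same check can be made from a PC on the network, since a computer that gets its settings from the router inherits the router's DNS servers. The following Python sketch is an added example, not part of the original article: it reads resolv.conf-style text, as found on a Linux client, and flags any DNS server that is neither on an owner-supplied list nor inside the local network. The sample file, the addresses and the `EXPECTED_RESOLVERS` list are constructed for illustration.

```python
import ipaddress

# Constructed sample of a client's resolv.conf; all addresses are example values.
SAMPLE_RESOLV_CONF = """\
# Generated by the DHCP client
search lan
nameserver 192.168.1.1
nameserver 203.0.113.53
nameserver fe80::1%eth0
"""

# Assumption: the resolvers the network owner knowingly uses (here, the router).
EXPECTED_RESOLVERS = {"192.168.1.1"}

# Private (RFC 1918) and unique-local ranges, i.e. addresses inside the LAN.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def parse_nameservers(text):
    """Return the nameserver addresses listed in resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1].split("%", 1)[0])  # drop IPv6 zone id
    return servers


def audit_resolvers(text, expected):
    """Map each configured resolver to expected, local-unlisted, unexpected or invalid."""
    findings = {}
    for server in parse_nameservers(text):
        try:
            addr = ipaddress.ip_address(server)
        except ValueError:
            findings[server] = "invalid"
            continue
        if server in expected:
            findings[server] = "expected"
        elif addr.is_loopback or addr.is_link_local or any(addr in n for n in LOCAL_NETS):
            findings[server] = "local-unlisted"  # inside the LAN, but not on the list
        else:
            findings[server] = "unexpected"  # outside resolver nobody configured
    return findings


if __name__ == "__main__":
    for server, verdict in audit_resolvers(SAMPLE_RESOLV_CONF, EXPECTED_RESOLVERS).items():
        print(f"{server:20} {verdict}")
```

An "unexpected" result is the client-side counterpart of finding custom DNS servers entered on the router's setup page, and is the cue to inspect the router itself.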

In order to mitigate damage in the case of compromise, you’ll need to make sure that your router matches the specifications set by the manufacturer. To do this, make sure you:

  • Promptly install firmware updates: Keeping your router’s firmware up-to-date will assist you in keeping your router secure.
  • Disable remote access: By disabling the capacity for your router to be accessed remotely, you prevent the chance of someone changing the settings without your knowledge.
  • Disable UPnP: While there is definitely some convenience to be had with the assistance of plug and play capabilities, UPnP could lead to your router becoming infected, as it is predisposed to trust any requests it receives.
  • Change your access credentials: A simple means of upping your security is to change your access credentials away from the router defaults.

If you want to know more about your cybersecurity, the professionals at Network Solutions Unlimited are here to help you keep your network and infrastructure safe. Call us at 217-428-6449.

Sunday, June 24 2018
