NTConnections Blog

NTConnections has been serving the Reston area since 2003, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Your Router Can Host Some Pretty Nasty Malware

Hundreds of millions of people use wireless Internet connections every day, and hackers are taking that as a challenge. They are now starting to develop malware that targets people through their routers. Recently, security researchers at Kaspersky Lab discovered malware named Slingshot. The code is designed to spy on PCs through a multi-layer attack that targets MikroTik routers. Today we take a look at Slingshot and other router-based malware, and at what you can do about it.

Slingshot
Slingshot works by replacing a library file with a malicious version that downloads more malicious components and then eventually launches a two-front attack on the computers connected to it. The first one runs low-level kernel code that gives an intruder free rein over a system, while the other focuses on the user level and includes code to manage the file system and keep the malware alive.

It is a very intricate attack that calls the nefarious code in from an encrypted virtual file system and manages to do so without crashing the host system. That feat was not lost on the security experts at Kaspersky Lab, who deemed it a state-sponsored attack because of the quality of the overall attack and the complexity of its components. Reports suggest that the malware can basically steal whatever it wants, including keyboard strokes, passwords, screenshots, and information about network usage and traffic.

MikroTik has announced that they have patched the vulnerability on versions of their routing firmware, but concerns remain as no one is sure if other router manufacturers have been affected. If that were to come to fruition, Slingshot could be a much larger problem than is currently believed.

Other Instances
Slingshot isn’t the first instance of a router turning on its owner. Traditionally, router security is known to be largely unreliable. Much of this is on the manufacturers, which have been known to build many different products without having a strategy in place to keep them working with up-to-date security. It is also up to the user to keep their router’s firmware up-to-date - something that is very easy to not keep top-of-mind. Plus, some routers make firmware updates time-consuming and difficult.

To attack the network, hackers seek to change the DNS server setting on your router. When you try to connect to a secure website, the malicious DNS server tells you to go to an elaborately constructed phishing site instead. Because the attacker spoofs the domain and reroutes you to a website specifically constructed to take advantage of you, you have very little chance of warding off the attack before it’s too late.

Hackers have also been known to inject all types of user hindrances, such as trying to perform drive-by downloads or inundating users with advertisements. Many attacks make use of cross-site request forgery, where a malicious actor creates a rogue piece of JavaScript that repeatedly tries to load the router’s web-admin page and change the router’s settings.

What to Do If This Happens to You
The first thing you should do is work to ascertain if your router has been compromised. You can do this in several ways, but the most telling sign is that your DNS server has been changed. To check, you’ll have to access your router's web-based setup page. Once in, you have to visit the Internet connection screen. If your DNS setting is set to automatic, you are in the clear. If it’s set to “manual”, however, there will be custom DNS servers entered in the space. Many times, this is the first sign of a problem.

If you have been compromised, ensuring your router is set up to your manufacturer’s specifications will help you mitigate damage. To ward against this happening to you, you should always:

  • Install firmware updates: Making sure your router’s firmware is updated to the latest version will definitely help.
  • Disable remote access: Stop remote access to secure against anyone changing settings on your networking equipment.
  • Turn off UPnP: Plug and play can be very convenient, but your router could be affected through UPnP if there is any malware on the network since it is designed to universally trust all requests.
  • Change credentials: Changing your passwords is a simple way of keeping unwanted entities out of your router.

For more information about network and cybersecurity, the expert technicians at NTConnections are accessible and ready to help you keep your network and infrastructure secure. For help, call us at (703) 288-9767.

Thursday, June 21 2018