FRS Pros Blog

Has Malware Made a Home in Your Router?

Hackers and cybercriminals, like most people, tend to gravitate towards high-reward activities. In this case, that means that focus is turning to creating malware that attacks the router, potentially infecting the users that leverage it to connect wirelessly to the Internet. Researchers at Kaspersky Lab recently discovered an example of such malware, so today, we will review this threat and how to best protect your network.

Slingshot
This threat, codenamed Slingshot, targets MikroTik routers and utilizes a multi-layer attack to spy on the PCs connected to the router. By replacing a library file with a malicious alternative that subsequently downloads other pieces of the malware, Slingshot is able to bypass security solutions unscathed. It then launches a two-pronged attack: one prong leverages low-level kernel code to give an intruder carte blanche access to a system, while the second manages the file system and preserves the malware, allowing it to continue.

If this sounds impressive, it is: not only does this attack access additional code from an encrypted virtual file system, it does so without crashing its host. This quality and complexity led the security experts at Kaspersky Lab to conclude that this attack was state-sponsored. Based on reports, this malware can collect just about any data that it wants to from its target, from keystrokes to passwords to screenshots to network traffic.

According to MikroTik, their routing firmware has received a patch for this vulnerability, but it is still unknown if routers from other manufacturers are affected. If they are, Slingshot could suddenly become a much larger issue than it already is.

Other Router Malware
Of course, Slingshot isn’t the only issue that affects router security. The fail-safes and security measures baked into routers have been historically unreliable. This can largely be attributed to manufacturers building numerous products with no comprehensive strategy for securing them and keeping them up-to-date. However, this doesn’t mean that the user is off the hook, either. It is up to them to actually update the router’s firmware, which is not necessarily their first, second, or even twenty-third thought. Furthermore, the updating process can often be challenging, as well as time-consuming.

Hackers will often change the DNS server setting on a router in order to attack a network. Rather than directing you to the secure website you are trying to navigate to, the altered DNS will instead send you to a phishing site. Since these sites are often convincingly created and designed to fool their targets, you may not realize you are being victimized until it has already happened.

In addition to attacks like these, hackers will also often use methods like barraging their targets with ads or infiltrating them via drive-by download. Some attacks leverage cross-site request forgery, where a hacker will develop a rogue piece of JavaScript that will attempt to load a router’s web-admin page to alter the router’s settings.

How to Mitigate Damage to You
If you suspect that you are the target of a router-based attack, your first step should be to confirm that something is wrong. While there are assorted ways to accomplish this, the most effective is to check if your DNS server has been changed. To check, you’ll need to access your router’s web-based setup page, and from there, the Internet connection screen. If your DNS setting is “automatic,” you should be okay. However, if it says “manual,” with custom DNS servers entered, you may have a problem.
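
A client-side complement to the router check described above, as an added example that is not part of the original post: it reads the DNS servers a Linux or macOS machine was handed and flags any that are neither on the local network nor on a list you approve. The sample file contents, the 192.168.88.1 router address and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample inputs (not captured from a real host).
CLEAN = "# Generated by NetworkManager\nsearch lan\nnameserver 192.168.88.1\n"
TAMPERED = "nameserver 203.0.113.53\nnameserver 192.168.88.1\n"

# Address ranges treated as "local": RFC 1918, loopback, link-local, IPv6 ULA.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

def parse_nameservers(resolv_conf_text):
    """Return the IP addresses on 'nameserver' lines, ignoring comments."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                # Drop an IPv6 zone id such as fe80::1%eth0 before parsing.
                addr = fields[1].split("%", 1)[0]
                servers.append(ipaddress.ip_address(addr))
            except ValueError:
                continue  # malformed entry, nothing to evaluate
    return servers

def unexpected_resolvers(resolv_conf_text, approved=()):
    """List resolvers that are neither on the local network nor approved."""
    allow = {ipaddress.ip_address(a) for a in approved}
    flagged = []
    for ip in parse_nameservers(resolv_conf_text):
        is_local = any(ip in net for net in LOCAL_NETS)
        if not is_local and ip not in allow:
            flagged.append(str(ip))
    return flagged

if __name__ == "__main__":
    try:
        with open("/etc/resolv.conf") as fh:
            text = fh.read()
    except OSError:
        text = TAMPERED  # fall back to the constructed sample
    print("unexpected resolvers:", unexpected_resolvers(text) or "none")
```

A clean result does not clear the router: if clients point at the router and the router forwards to an altered upstream server, or a local stub such as 127.0.0.53 is in use, only the router's own setup page shows the change.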

In order to mitigate damage in the case of compromise, you’ll need to make sure that your router matches the specifications set by the manufacturer. To do this, make sure you:

  • Promptly install firmware updates: Keeping your router’s firmware up-to-date will assist you in keeping your router secure.
  • Disable remote access: By disabling the capacity for your router to be accessed remotely, you prevent the chance of someone changing the settings without your knowledge.
  • Disable UPnP: While there is definitely some convenience to be had with the assistance of plug and play capabilities, UPnP could lead to your router becoming infected, as it is predisposed to trust any requests it receives.
  • Change your access credentials: A simple means of upping your security is to change your access credentials away from the router defaults.

If you want to know more about your cybersecurity, the professionals at FRS Pros are here to help you keep your network and infrastructure safe. Call us at 561-795-2000.
