Agilitec IT Blog

Has Malware Made a Home in Your Router?

Hackers and cybercriminals, like most people, tend to gravitate towards high-reward activities. In this case, that means their focus is turning to malware that attacks the router, potentially infecting the users who rely on it to connect wirelessly to the Internet. Researchers at Kaspersky Lab recently discovered an example of such malware, so today we will review this threat and how best to protect your network.

Slingshot
This threat, codenamed Slingshot, targets MikroTik routers and uses a multi-layer attack to spy on the PCs connected to the router. By replacing a library file with a malicious alternative that subsequently downloads other pieces of the malware, Slingshot is able to bypass security solutions unscathed. It then launches a two-pronged attack: one part leverages low-level kernel code to give an intruder carte blanche access to a system, and the second manages the file system and preserves the malware, allowing it to continue.

If this sounds impressive, it is - not only does this attack access additional code from an encrypted virtual file system, it does so without crashing its host. This quality and complexity led the security experts at Kaspersky Lab to conclude that this attack was state-sponsored. Based on reports, this malware can collect just about any data that it wants to from its target, from keystrokes to passwords to screenshots to network traffic.

According to MikroTik, their routing firmware has received a patch for this vulnerability, but it is still unknown if routers from other manufacturers are affected. If they are, Slingshot could suddenly become a much larger issue than it already is.

Other Router Malware
Of course, Slingshot isn’t the only issue that affects router security. The fail-safes and security measures baked into routers have been historically unreliable. This can largely be attributed to manufacturers building numerous products with no comprehensive strategy for securing them and keeping them up to date. However, this doesn’t mean that the user is off the hook, either. It is up to them to actually update the router’s firmware, which is not necessarily their first, second, or even twenty-third thought. Furthermore, the updating process can often be challenging, as well as time-consuming.

Hackers will often change the DNS server setting on a router in order to attack a network. Rather than directing you to the secure website you are trying to navigate to, the altered DNS will instead send you to a phishing site. Since these sites are often convincingly created and designed to fool their targets, you may not realize you are being victimized until it has already happened.

In addition to attacks like these, hackers will also often use methods like barraging their targets with ads or infiltrating them via drive-by download. Some attacks leverage cross-site request forgery, where a hacker will develop a rogue piece of JavaScript that will attempt to load a router’s web-admin page to alter the router’s settings.

How to Mitigate Damage to You
If you suspect that you are the target of a router-based attack, your first step should be to confirm that something is wrong. While there are assorted ways to accomplish this, the most effective is to check if your DNS server has been changed. To check, you’ll need to access your router’s web-based setup page, and from there, the Internet connection screen. If your DNS setting is ‘automatic,’ you should be okay. However, if it says “manual,” with custom DNS servers entered, you may have a problem.
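The same check can be run from a PC on the network by comparing the DNS servers it was handed against a known-good baseline. The following is an added example, not part of the original post; it assumes resolv.conf-style resolver text, and the gateway address, approved list and sample addresses are all constructed.

```python
import ipaddress

# Constructed sample: resolver settings as a client might receive them via DHCP.
SAMPLE_RESOLV_CONF = """\
# generated by DHCP client (constructed sample)
nameserver 192.168.1.1
nameserver 203.0.113.53
search lan
"""

def parse_nameservers(text):
    """Return the raw nameserver entries from resolv.conf-style text."""
    servers = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def audit_resolvers(text, gateway, approved):
    """Flag resolvers that are neither the router nor on the approved list."""
    gateway = ipaddress.ip_address(gateway)
    approved = {ipaddress.ip_address(a) for a in approved}
    findings = []
    for raw in parse_nameservers(text):
        try:
            server = ipaddress.ip_address(raw)
        except ValueError:
            findings.append((raw, "UNEXPECTED: not a valid IP address"))
            continue
        if server == gateway:
            findings.append((raw, "ok: router acts as resolver"))
        elif server in approved:
            findings.append((raw, "ok: on approved list"))
        else:
            findings.append((raw, "UNEXPECTED: not in baseline"))
    return findings

def is_suspicious(findings):
    """True if any resolver falls outside the baseline."""
    return any(status.startswith("UNEXPECTED") for _, status in findings)

if __name__ == "__main__":
    # Assumed baseline: router at 192.168.1.1, ISP resolver at 198.51.100.10.
    result = audit_resolvers(SAMPLE_RESOLV_CONF, "192.168.1.1", ["198.51.100.10"])
    for server, status in result:
        print(f"{server:15} {status}")
    print("investigate" if is_suspicious(result) else "baseline matches")
```

A client-side check only sees what the router hands out. When the router advertises itself as the resolver, its own upstream DNS setting still has to be verified on the setup page as described above.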

In order to mitigate damage in the case of compromise, you’ll need to make sure that your router matches the specifications set by the manufacturer. To do this, make sure you:

  • Promptly install firmware updates: Keeping your router’s firmware up-to-date will assist you in keeping your router secure.
  • Disable remote access: By disabling the capacity for your router to be accessed remotely, you prevent the chance of someone changing the settings without your knowledge.
  • Disable UPnP: While there is definitely some convenience to be had with the assistance of plug and play capabilities, UPnP could lead to your router becoming infected, as it is predisposed to trust any requests it receives.
  • Change your access credentials: A simple means of upping your security is to change your access credentials away from the router defaults.

If you want to know more about your cybersecurity, the professionals at Agilitec IT are here to help you keep your network and infrastructure safe. Call us at (702) 720-1700.
