MERIT Solutions Blog

MERIT Solutions has been serving the Chesapeake area since 1982, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Has Malware Made a Home in Your Router?

Hackers and cybercriminals, like most people, tend to gravitate towards high-reward activities. In this case, that means their focus is turning to creating malware that attacks the router, potentially infecting the users who rely on it to connect wirelessly to the Internet. Researchers at Kaspersky Lab recently discovered an example of such malware, so today, we will review this threat and how to best protect your network.

Slingshot
This threat, codenamed Slingshot, targets MikroTik routers and uses a multi-layer attack to spy on the PCs connected to the router. By replacing a library file with a malicious alternative that subsequently downloads other pieces of the malware, Slingshot is able to bypass security solutions unscathed. It then launches a two-pronged attack: one part leverages low-level kernel code to give an intruder carte blanche access to a system, and the second manages the file system and preserves the malware, allowing it to persist.

If this sounds impressive, it is - not only does this attack access additional code from an encrypted virtual file system, it does so without crashing its host. This quality and complexity led the security experts at Kaspersky Lab to conclude that this attack was state-sponsored. Based on reports, this malware can collect just about any data that it wants to from its target, from keystrokes to passwords to screenshots to network traffic.

According to MikroTik, their routing firmware has received a patch for this vulnerability, but it is still unknown if routers from other manufacturers are affected. If they are, Slingshot could suddenly become a much larger issue than it already is.

Other Router Malware
Of course, Slingshot isn’t the only issue that affects router security. The fail-safes and security measures baked into routers have been historically unreliable. This can largely be attributed to manufacturers building numerous products with no comprehensive strategy for securing them and keeping them up-to-date. However, this doesn’t mean that the user is off the hook, either. It is up to them to actually update the router’s firmware, which is not necessarily their first, second, or even twenty-third thought. Furthermore, the updating process can often be challenging, as well as time-consuming.

Hackers will often change the DNS server setting on a router in order to attack a network. Rather than directing you to the secure website you are trying to navigate to, the altered DNS will instead send you to a phishing site. Since these sites are often convincingly created and designed to fool their targets, you may not realize you are being victimized until it has already happened.

In addition to attacks like these, hackers will also often use methods like barraging their targets with ads or infiltrating them via drive-by download. Some attacks leverage cross-site request forgery, where a hacker will develop a rogue piece of JavaScript that will attempt to load a router’s web-admin page to alter the router’s settings.

How to Mitigate Damage to You
If you suspect that you are the target of a router-based attack, your first step should be to confirm that something is wrong. While there are assorted ways to accomplish this, the most effective is to check if your DNS server has been changed. To check, you’ll need to access your router’s web-based setup page, and from there, the Internet connection screen. If your DNS setting is “automatic,” you should be okay. However, if it says “manual,” with custom DNS servers entered, you may have a problem.
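The same check can be run from a PC behind the router by comparing the DNS servers it was handed against the ones you expect. The script below is an added example, not part of the original article; the sample resolver file, the addresses in it, and the `EXPECTED` allowlist are constructed assumptions to replace with your own values.

```python
import ipaddress

# Constructed sample of a resolv.conf-style file written by a DHCP client.
# 203.0.113.66 stands in for a resolver nobody on this network configured.
SAMPLE_RESOLV_CONF = """\
# generated by DHCP client
search lan
nameserver 192.168.1.1
nameserver 203.0.113.66
nameserver 127.0.0.53
nameserver not-an-ip
"""

# Assumption: resolvers this network should use (the router itself plus
# one chosen upstream range).
EXPECTED = [ipaddress.ip_network("192.168.1.1/32"),
            ipaddress.ip_network("198.51.100.0/24")]


def parse_nameservers(text):
    """Return the address field of every 'nameserver' line."""
    servers = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers


def audit_dns(text, expected=EXPECTED):
    """Classify each resolver as ok, stub, unexpected or invalid."""
    report = {}
    for raw in parse_nameservers(text):
        try:
            addr = ipaddress.ip_address(raw)
        except ValueError:
            report[raw] = "invalid"
            continue
        if addr.is_loopback:
            # Local caching stub: the real upstream is configured elsewhere.
            report[raw] = "stub"
        elif any(addr in net for net in expected):
            report[raw] = "ok"
        else:
            report[raw] = "unexpected"
    return report


if __name__ == "__main__":
    for server, verdict in audit_dns(SAMPLE_RESOLV_CONF).items():
        print(f"{server:15} {verdict}")
```

If the only resolver a PC sees is the router's own address, the router is forwarding queries itself, so its upstream DNS setting still has to be confirmed in the setup page as described above.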

In order to mitigate damage in the case of compromise, you’ll need to make sure that your router matches the specifications set by the manufacturer. To do this, make sure you:

  • Promptly install firmware updates: Keeping your router’s firmware up-to-date will assist you in keeping your router secure.
  • Disable remote access: By disabling the capacity for your router to be accessed remotely, you prevent the chance of someone changing the settings without your knowledge.
  • Disable UPnP: While there is definitely some convenience to be had with the assistance of plug and play capabilities, UPnP could lead to your router becoming infected, as it is predisposed to trust any requests it receives.
  • Change your access credentials: A simple means of upping your security is to change your access credentials away from the router defaults.

If you want to know more about your cybersecurity, the professionals at MERIT Solutions are here to help you keep your network and infrastructure safe. Call us at (757) 420-5150.

 
