Total Tech Care Blog

Total Tech Care has been serving Florida since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Your Router Can Host Some Pretty Nasty Malware

Hundreds of millions of people use wireless Internet connections every day, and hackers have taken that as a challenge: they are now starting to develop malware that targets people through their routers. Recently, security researchers at Kaspersky Lab discovered malware named Slingshot. The code is designed to spy on PCs through a multi-layer attack that targets MikroTik routers. Today we take a look at Slingshot and other router-based malware, and at what you can do about it.

Slingshot
Slingshot works by replacing a library file with a malicious version that downloads more malicious components and then eventually launches a two-front attack on the computers connected to it. The first one runs low-level kernel code that gives an intruder free rein of a system, while the other focuses on the user level and includes code to manage the file system and keep the malware alive.

It is a very intricate attack that calls the nefarious code in from an encrypted virtual file system, and it manages to do so without crashing the host system. That feat was not lost on the security experts at Kaspersky Lab, who deemed it a state-sponsored attack because of the quality of the overall attack and the complexity of its components. Reports suggest that the malware can basically steal whatever it wants, including keyboard strokes, passwords, screenshots, and information about network usage and traffic.

MikroTik has announced that they have patched the vulnerability on versions of their routing firmware, but concerns remain as no one is sure if other router manufacturers have been affected. If that were to come to fruition, Slingshot could be a much larger problem than is currently believed.

Other Instances
Slingshot isn’t the first instance of a router turning on its owner. Traditionally, router security is known to be largely unreliable. Much of this is on the manufacturers, which have been known to build many different products without having a strategy in place to keep them working with up-to-date security. It is also up to the user to keep their router’s firmware up-to-date - something that is very easy to not keep top-of-mind. Plus, some routers make firmware updates time-consuming and difficult.

To attack the network, hackers seek to change the DNS server setting on your router. When you try to connect to a secure website, the malicious DNS server tells you to go to an elaborately constructed phishing site instead. Because the attacker spoofs the domain and reroutes you to a website that is specifically constructed to take advantage of you, you have very little chance of warding off the attack before it’s too late.

Hackers have also been known to inject all types of user hindrances, such as trying to perform drive-by downloads or inundating users with advertisements. Many attacks make use of cross-site request forgery, where a malicious actor creates a rogue piece of JavaScript that repeatedly tries to load the router’s web-admin page and change the router’s settings.

What to Do If This Happens to You
The first thing you should do is work to ascertain if your router has been compromised. You can do this in several ways, but the most telling is that your DNS server has been changed. You’ll have to access your router's web-based setup page. Once in, you have to visit the Internet connection screen. If your DNS setting is set to automatic, you are in the clear. If it’s set to “manual”, however, there will be custom DNS servers entered in the space. Many times, this is the first sign of a problem.

If you have been compromised, ensuring your router is set up to your manufacturer’s specifications will help you mitigate damage. To ward against this happening to you, you should always:

  • Install firmware updates: Making sure your router’s firmware is updated to the latest version will definitely help.
  • Disable remote access: Stop remote access to secure against anyone changing settings on your networking equipment.
  • Turn off UPnP: Plug and play can be very convenient, but your router could be affected through UPnP if there is any malware on the network since it is designed to universally trust all requests.
  • Change credentials: Changing your passwords is a simple way of keeping unwanted entities out of your router.
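
The checks described above (custom DNS servers, remote access, UPnP) can also be run against a saved router configuration instead of clicking through the web page. The following is an added example, not part of the original post or any vendor tool: it assumes a text export in the style of MikroTik RouterOS `/export verbose` with one command per line, and the sample configuration, its addresses and the `expected_dns` parameter are constructed for illustration.

```python
import shlex

# Constructed sample in the style of a RouterOS "/export verbose"; not from the page.
# Addresses are documentation ranges; one command per line (no "\" continuations).
SAMPLE_EXPORT = '''
/ip dns
set allow-remote-requests=yes servers=203.0.113.53,198.51.100.7
/ip dhcp-client
add interface=ether1 use-peer-dns=no disabled=no
/ip upnp
set enabled=yes
/ip service
set telnet disabled=no port=23
set www address="" disabled=no port=80
set ssh address=192.168.88.0/24 disabled=no port=22
set winbox disabled=yes port=8291
'''

def parse_export(text):
    """Return (section, verb, item, {key: value}) for every command line."""
    section, rows = None, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or export comment
        if line.startswith("/"):
            section = line                # menu path, e.g. "/ip dns"
            continue
        words = shlex.split(line)         # honours quoted values such as address=""
        kv = dict(w.split("=", 1) for w in words[1:] if "=" in w)
        item = next((w for w in words[1:] if "=" not in w), None)
        rows.append((section, words[0], item, kv))
    return rows

def audit(text, expected_dns=()):
    """Flag settings that match the warning signs and checklist in the article."""
    findings = []
    for section, _verb, item, kv in parse_export(text):
        if section == "/ip dns":
            for server in filter(None, kv.get("servers", "").split(",")):
                if server not in expected_dns:
                    findings.append(f"static DNS server {server} is not on the expected list")
        elif section == "/ip dhcp-client" and kv.get("use-peer-dns") == "no":
            findings.append(f"{kv.get('interface')}: ISP-assigned DNS is ignored (manual DNS)")
        elif section == "/ip upnp" and kv.get("enabled") == "yes":
            findings.append("UPnP is enabled")
        elif section == "/ip service" and kv.get("disabled") == "no" and not kv.get("address"):
            findings.append(f"management service {item} accepts connections from any address")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_EXPORT)))
```

A static DNS entry is not proof of compromise on its own; pass the resolvers you deliberately configured as `expected_dns` so that only unexplained servers are reported.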

For more information about network and cybersecurity, the expert technicians at Total Tech Care are accessible and ready to help you keep your network and infrastructure secure. For help, call us at 866-348-2602.

 
