Contact us today!
866-348-2602

Total Tech Care Blog

Total Tech Care has been serving Florida since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

Your Router Can Host Some Pretty Nasty Malware

Your Router Can Host Some Pretty Nasty Malware

Hundreds of millions of people use wireless Internet connections every day, and as a result, hackers are taking that as a challenge. They are now starting to develop malware that targets people through their routers. Recently, security researchers at Kaspersky Lab have discovered the malware named Slingshot. The code is designed to spy on PCs through a multi-layer attack that targets MikroTik routers. Today we take a look at Slingshot, and other router-based malware and what you can do about it.

Slingshot
Slingshot works by replacing a library file with a malicious version that downloads more malicious components and then eventually launches a two-front attack on the computers connected to it. The first one runs low-level kernel code that gives an intruder free rein of a system, while the other focuses on the user level and includes code to manage the file system and keep the malware alive.

It is a very intricate attack that calls the nefarious code in from an encrypted virtual file system; managing to do so without crashing the host system, a feat not lost on the security experts at Kaspersky Lab, who deemed it a state-sponsored attack because of the quality of the overall attack and the complexity of its components. Reports suggest that the malware can basically steal whatever it wants, including keyboard strokes, passwords, screenshots, and information about network usage and traffic.

MikroTik has announced that they have patched the vulnerability on versions of their routing firmware, but concerns remain as no one is sure if other router manufacturers have been affected. If that were to come to fruition, Slingshot could be a much larger problem than is currently believed.

Other Instances
Slingshot isn’t the first instance of a router turning on its owner. Traditionally, router security is known to be largely unreliable. Much of this is on the manufacturers, which have been known to build many different products without having a strategy in place to keep them working with up-to-date security. It is also up to the user to keep their router’s firmware up-to-date - something that is very easy to not keep top-of-mind. Plus, some routers make firmware updates time-consuming and difficult.

To attack the network, hackers seek to change the DNS server setting on your router. When you try to connect to a secure website, the malicious DNS server tells you to go to an elaborately constructed phishing site instead. By spoofing the domain and rerouting you to a website that is specifically constructed to take advantage of you, you have very little chance of warding off the attack before it’s too late.

Hackers have also been known to inject all types of user hindrances such trying to perform drive-by downloads, or inundating users with advertisements. Many attacks make use of cross-site request forgery attacks where a malicious actor creates a rogue piece of JavaScript that repeatedly tries to load the router’s web-admin page and change the router’s settings.

What to Do If This Happens to You
The first thing you should do is work to ascertain if your router has been compromised. You can do this in several ways, but the most telling is that your DNS server has been changed. You’ll have to access your router's web-based setup page. Once in, you have to visit the Internet connection screen. If your DNS setting is set to automatic, you are in the clear. If it’s set to “manual”, however, there will be custom DNS servers entered in the space. Many times, this is the first sign of a problem.

If you have been compromised, ensuring your router is set up to your manufacturer’s specifications will help you mitigate damage. To ward against this happening to you, you should always:

  • Install firmware updates: Making sure your router’s firmware is updated to the latest version will definitely help.
  • Disable remote access: Stop remote access to secure against anyone changing settings on your networking equipment.
  • Turn off UPnP: Plug and play can be very convenient, but your router could be affected through UPnP if there is any malware on the network since it is designed to universally trust all requests.
  • Change credentials: Changing your passwords are a simple way of keeping unwanted entities out of your router.

For more information about network and cybersecurity, the expert technicians at Total Tech Care are accessible and ready to help you keep your network and infrastructure secure. For help, call us at 866-348-2602.

 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Thursday, 24 April 2025
If you'd like to register, please fill in the username, password and name fields.

Blog Archive

Sign Up for Our Newsletter

  • First Name *
  • Last Name *

      Free Consultation

      Sign up today for a
      FREE Network Consultation

      How secure is your IT infrastructure?
      Let us evaluate it for free!

      Sign up Now!

      Free Consultation
       

      Tag Cloud

      Security Tip of the Week Technology Best Practices Business Computing Cloud Privacy Hackers Productivity Hosted Solutions Efficiency Software Network Security Business Google Microsoft Internet Email Malware Workplace Tips Backup Innovation Data User Tips Computer Mobile Devices IT Services Hardware Android VoIP Disaster Recovery communications IT Support Smartphones Communication Business Continuity Miscellaneous Smartphone Mobile Device Browser Small Business Network Productivity Collaboration Cybersecurity Quick Tips Users Business Management Upgrade Phishing Windows Managed IT Services Data Backup Outsourced IT Ransomware Windows 10 Cloud Computing Server Save Money Data Recovery Office Passwords Windows 10 Gadgets Tech Term Chrome Virtualization Saving Money Holiday Social Media Managed Service Microsoft Office Automation Managed IT Services Cybercrime Artificial Intelligence Operating System Computers Facebook IT Support Health Wi-Fi Hacking BYOD Mobile Device Management Internet of Things Networking Alert Managed Service Provider Covid-19 Spam Office 365 Telephone Systems Information Technology Remote Information Recovery Employer-Employee Relationship Social Engineering Mobility Router Bandwidth BDR Human Resources Big Data Password Money Remote Monitoring Data Breach Encryption Mobile Computing Applications App History Application Law Enforcement Managed IT Data Storage Remote Computing Patch Management Apps Mobile Office Office Tips Blockchain Training Government Paperless Office How To VPN Private Cloud Infrastructure Two-factor Authentication Voice over Internet Protocol Bring Your Own Device Data Management Work/Life Balance Vulnerability Mouse Windows 7 HaaS Word Flexibility Marketing Servers WiFi Google Drive IT solutions Entertainment Website Wireless Budget Data Security Avoiding Downtime Gmail Settings Firewall Save Time Vendor Virtual Reality Managed Services Apple Conferencing Display Cleaning Social Scam User Error Data Protection Employee/Employer Relationship End of Support Meetings RMM Education Physical Security Vendor Management Safety Risk Management Sports HIPAA Redundancy Hacker Keyboard USB The Internet of Things Lithium-ion battery Telephone System Staff Software as a Service Machine Learning Remote Work Connectivity Solid State Drive Wireless Technology How to Fax Server Downtime Google Docs Hiring/Firing Identity Theft Managed Services Provider SaaS Data storage Database Automobile Augmented Reality Remote Workers Computing Infrastructure Fraud Network Congestion Business Intelligence eWaste Processor Going Green Remote Worker Worker Virus Audit IT Management Cryptocurrency Hard Drive Unified Threat Management Battery Shadow IT Computer Accessories Botnet IT Plan Wearable Technology Legal Computing Retail Comparison Hard Drives Instant Messaging Internet Exlporer Unsupported Software CES Robot Excel PDF Charger Biometrics Printer Business Technology Content Management Virtual Desktop Bluetooth Access Control Compliance Digital Signage Computer Care Proactive IT OneNote Virtual Assistant DDoS Current Events Best Practice Telephony Authentication SharePoint Samsung YouTube Procurement IT Consultant Black Market Net Neutrality Workplace Strategy Value Customer Service Update Help Desk Humor Electronic Medical Records Environment Document Management Spam Blocking Printing Screen Mirroring HVAC Video Conferencing Antivirus Loyalty Google Apps ROI Frequently Asked Questions Sales Analysis Bitcoin Books Shortcuts Windows 8 Files Cryptomining Consultant Mobile Administrator Point of Sale Windows 10s Devices Personal IT service Cast Enterprise Content Management Supply Chain Management Chromecast Analytics Tip of the week MSP Monitoring webinar Accountants Batteries Emergency Tablet Colocation Employer Employee Relationship Credit Cards Best Available Uninterrupted Power Supply Professional Services Microchip Windows 8.1 Public Cloud Thought Leadership Digitize Domains Password Management Assessment Password Manager Windows Server 2008 R2 WIndows 7 Windows Server 2008 Customer relationships IaaS Maintenance Monitor Multi-Factor Security Manufacturing Bloatware Tools Search Engine Email Best Practices Twitter IT Assessment NIST Television Business Mangement Streaming Media Computer Tips Smart Tech Managed IT Service Reputation Trending Security Cameras Tablets Amazon Biometric Security Entrepreneur Tech Support Virtual CIO Content Addiction OneDrive Peripheral Techology Public Computer Recycling User Laptop PowerPoint Windows Media Player Regulations Wiring Digital Security Cameras Practices Using Data Shortcut Customers Transportation Rootkit Amazon Web Services 5G Cost Management Audiobook Computer Fan Cache Copiers Safe Mode Quick Tip Criminal Social Networking Managing Stress Touchpad GDPR Ergonomics Workers Hosted Computing Benefits Smartwatch Advertising Online Shopping OLED Cameras Politics FENG Wireless Internet Development File Sharing PCI DSS Running Cable IBM Virtual Machine Notifications Flash Camera 2FA Inventory Fiber Optics Smart Technology Specifications Employee Memory Evernote Cabling Wire Messaging Software Tips Policy Supercomputer Hypervisor Travel Sync Printers Dark mode Emails Trend Micro Relocation Millennials SMS Wireless Charging Default App Printer Server Smart Office Procedure Video Games Saving Time Science Google Search Virtual Private Network dark theme Worker Commute Netflix Shopping Two Factor Authentication Workforce Root Cause Analysis AI Cables IT Infrastructure Experience HBO FinTech Distributed Denial of Service Scalability Knowledge Customer Relationship Management Music Bing Telecommuting Analyitcs Skype Project Management Business Owner Nanotechnology Social Network Data loss Cortana Investment Programming NarrowBand Outlook Employees Search Leadership Digital Signature Employee/Employer Relationships Troubleshooting iPhone ISP Start Menu Warranty Windows 365

      Top Blog

      The reasoning for this is simple: you want to make sure that operations are proceeding as intended, even if you’re not there. If you completely check out from the workplace every time you leave, you could return from your vacation to a complete and total disaster that may have been prevented with y...
      QR-Code