
Alternative IT Solutions Blog

Your Router Can Host Some Pretty Nasty Malware


Hundreds of millions of people use wireless Internet connections every day, and hackers have taken that as a challenge: they are now developing malware that targets people through their routers. Security researchers at Kaspersky Lab recently discovered malware named Slingshot. The code is designed to spy on PCs through a multi-layer attack that targets MikroTik routers. Today we take a look at Slingshot and other router-based malware, and what you can do about it.

Slingshot works by replacing a library file with a malicious version that downloads more malicious components and then eventually launches a two-front attack on the computers connected to it. The first one runs low-level kernel code that gives an intruder free rein of a system, while the other focuses on the user level and includes code to manage the file system and keep the malware alive.

It is a very intricate attack that calls the nefarious code in from an encrypted virtual file system and manages to do so without crashing the host system. That feat was not lost on the security experts at Kaspersky Lab, who deemed it a state-sponsored attack because of the quality of the overall attack and the complexity of its components. Reports suggest that the malware can basically steal whatever it wants, including keyboard strokes, passwords, screenshots, and information about network usage and traffic.

MikroTik has announced that it has patched the vulnerability on versions of its routing firmware, but concerns remain, as no one is sure whether other router manufacturers have been affected. If they have been, Slingshot could be a much larger problem than is currently believed.

Other Instances
Slingshot isn’t the first instance of a router turning on its owner. Traditionally, router security is known to be largely unreliable. Much of this is on the manufacturers, which have been known to build many different products without having a strategy in place to keep them working with up-to-date security. It is also up to the user to keep their router’s firmware up-to-date - something that is very easy to not keep top-of-mind. Plus, some routers make firmware updates time-consuming and difficult.

To attack the network, hackers seek to change the DNS server setting on your router. When you try to connect to a secure website, the malicious DNS server tells you to go to an elaborately constructed phishing site instead. Because the attacker spoofs the domain and reroutes you to a website that is specifically constructed to take advantage of you, you have very little chance of warding off the attack before it’s too late.

Hackers have also been known to inject all types of user hindrances, such as trying to perform drive-by downloads or inundating users with advertisements. Many attacks make use of cross-site request forgery, where a malicious actor creates a rogue piece of JavaScript that repeatedly tries to load the router’s web-admin page and change the router’s settings.

What to Do If This Happens to You
The first thing you should do is work to ascertain if your router has been compromised. You can do this in several ways, but the most telling is that your DNS server has been changed. You’ll have to access your router's web-based setup page. Once in, you have to visit the Internet connection screen. If your DNS setting is set to automatic, you are in the clear. If it’s set to “manual”, however, there will be custom DNS servers entered in the space. Many times, this is the first sign of a problem.
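The same check can be made from a computer on the network, since the router normally hands its DNS setting to every client. The sketch below is an added example, not part of the original article: it audits resolv.conf-style text and flags any resolver that is neither the router nor on a list you configured yourself. The gateway, LAN range, allowlist and sample files are constructed assumptions.

```python
import ipaddress

# Constructed values for illustration: replace with your own network details.
GATEWAY = "192.168.88.1"          # assumed router address
LAN = "192.168.88.0/24"           # assumed LAN range
TRUSTED = {"9.9.9.9", "1.1.1.1"}  # resolvers the owner set deliberately

# Constructed sample inputs in resolv.conf format.
CLEAN = "# set by DHCP\nnameserver 192.168.88.1\n"
SUSPECT = "nameserver 203.0.113.53  # not ours\nnameserver 192.168.88.1\n"

def parse_nameservers(text):
    """Return the nameserver entries, ignoring '#' and ';' comments."""
    servers = []
    for line in text.splitlines():
        for marker in ("#", ";"):
            line = line.split(marker, 1)[0]
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers

def audit_resolvers(text, gateway=GATEWAY, lan=LAN, trusted=TRUSTED):
    """Return (resolver, reason) for every resolver that needs a closer look."""
    network = ipaddress.ip_network(lan)
    findings = []
    for server in parse_nameservers(text):
        try:
            # Drop an IPv6 zone id such as %eth0 before parsing.
            ip = ipaddress.ip_address(server.split("%", 1)[0])
        except ValueError:
            findings.append((server, "not a valid IP address"))
            continue
        if str(ip) == gateway or str(ip) in trusted:
            continue  # the router itself, or a resolver you chose
        if ip.is_loopback:
            findings.append((str(ip), "local stub resolver; inspect its upstream"))
        elif ip in network:
            findings.append((str(ip), "LAN host other than the router"))
        else:
            findings.append((str(ip), "outside LAN and not in allowlist"))
    return findings

if __name__ == "__main__":
    for resolver, reason in audit_resolvers(SUSPECT):
        print(f"{resolver}: {reason}")
```

A finding is a prompt to open the router's setup page and compare, not proof of compromise on its own.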

If you have been compromised, ensuring your router is set up to your manufacturer’s specifications will help you mitigate damage. To ward against this happening to you, you should always:

  • Install firmware updates: Making sure your router’s firmware is updated to the latest version will definitely help.
  • Disable remote access: Stop remote access to secure against anyone changing settings on your networking equipment.
  • Turn off UPnP: Plug and play can be very convenient, but your router could be affected through UPnP if there is any malware on the network since it is designed to universally trust all requests.
  • Change credentials: Changing your passwords is a simple way of keeping unwanted entities out of your router.

For more information about network and cybersecurity, the expert technicians at Alternative IT Solutions are accessible and ready to help you keep your network and infrastructure secure. For help, call us at (0)20 8498 4300.

Saturday, February 16, 2019