Has Malware Made a Home in Your Router?

Hackers and cybercriminals, like most people, tend to gravitate towards high-reward activities. In this case, that means that focus is turning to creating malware that attacks the router, potentially infecting the users that leverage it to connect wirelessly to the Internet. Researchers at Kaspersky Lab recently discovered an example of such a malware, so today, we will review this threat and how to best protect your network.

Slingshot
This threat, codenamed Slingshot, targets MikroTik routers and utilizes a multi-layer attack to spy on the PCs connected to the router. By replacing a library file with a malicious alternative that subsequently downloads other pieces of the malware, Slingshot is able to bypass security solutions unscathed. It then launches a two-pronged attack, one leveraging low-level kernel code to give an intruder carte blanche access to a system, the second managing the file system and preserving the malware – allowing it to continue.

If this sounds impressive, it is – not only does this attack access additional code from an encrypted virtual file system, it does so without crashing its host. This quality and complexity led the security experts at Kaspersky Lab to conclude that this attack was state-sponsored. Based on reports, this malware can collect just about any data that it wants to from its target, from keystrokes to passwords to screenshots to network traffic.

According to MicroTik, their routing firmware has received a patch for this vulnerability, but it is still unknown if routers from other manufacturers are affected. If they have, Slingshot could suddenly become a much larger issue than it already is.

Other Router Malware
Of course, Slingshot isn’t the only issue that affects router security. The fail-safes and security measures baked into routers have been historically unreliable. This can largely be attributed to manufacturers building numerous products with no comprehensive strategy concerning their security and keeping it up-to-date. However, this doesn’t mean that the user is off the hook, either. It is up to them to actually update the router’s firmware, not something that is necessarily their first, second, or even twenty-third thought. Furthermore, the updating process can often be challenging, as well as time-consuming.

Hackers will often change the DNS server setting on a router in order to attack a network. Rather than directing you to the secure website you are trying to navigate to, the altered DNS will instead send you to a phishing site. Since these sites are often convincingly created and designed to fool their targets, you may not realize you are being victimized until it has already happened.

In addition to attacks like these, hackers will also often use methods like barraging their targets with ads or infiltrating them via drive-by download. Some attacks leverage cross-site request forgery, where a hacker will develop a rogue piece of JavaScript that will attempt to load a router’s web-admin page to alter the router’s settings.

How to Mitigate Damage to You
If you suspect that you are the target of a router-based attack, your first step should be to confirm that something is wrong. While there are assorted ways to accomplish this, the most effective is to check if your DNS server has been changed. To check, you’ll need to access your router’s web-based setup page, and from there, the Internet connection screen. If your DNS setting is ‘automatic,’ you should be okay. However, if it says “manual,” with custom DNS servers entered, you may have a problem.

In order to mitigate damage in the case of compromise, you’ll need to make sure that your router matches the specifications set by the manufacturer. To do this, make sure you:

Promptly install firmware updates: Keeping your router’s firmware up-to-date will assist you in keeping your router secure.
Disable remote access: By disabling the capacity for your router to be accessed remotely, you prevent the chance of someone changing the settings without your knowledge.
Disable UPnP: While there is definitely some convenience to be had with the assistance of plug and play capabilities, UPnP could lead to your router becoming infected, as it is predisposed to trust any requests it receives.
Change your access credentials: A simple means of upping your security is to change your access credentials away from the router defaults.

If you want to know more about your cybersecurity, the professionals at Palindrome Consulting are there here to help you keep your network and infrastructure safe. Call us at 305-944-7300.

4.9

Based on 13 reviews

review us on

Elizabeth Mitrani

17:23 06 Aug 19

Palindrome Consulting was key in establishing my business and helps me keep it running. They are the consummate... professionals, incredibly knowledgeable and are always available to help. They have gone above and beyond to ensure that I was up and running quickly and that any issues that may arise on my end or dealt with immediately. I highly recommend Palindrome Consulting.read more

Moshe Rubinstein

14:57 28 Jun 19

They are there every step of the way. Responsive and timely. The full service mentality mixed with the problem solving... abilities, is what makes them an easy choice.read more

Benjamin Wainberg

14:09 28 Jun 19

Palindrome Consulting is customer centric. For Palindrome Data Safety is paramount; they keep their and our systems... updated with the newest technologies and are not shy at changing to better alternatives. Their platforms are always running and in the odd case there is an event, their technical team has an awesome response time.read more

Copier Man

13:56 28 Jun 19

We have been using Palindrome since 2005. They make my company feel like we are #1 all the time. Expert staff are... always available to help all my users all around the country.read more

Martin Feldman

16:43 26 Jun 19

As a partner in Fischer & Feldman, P.A. we have utilized Palindrome Consulting as our IT experts for many years. In... addition to keeping our server up and running, they are available to consult on the everchanging cloud and web landscape. We could not function as a successful law firm without their constant care, attention and almost IMMEDIATE RESPONSE TIME.read more

Rebecca Fischer

16:39 26 Jun 19

Palindrome has been my IT company for more than 15 years. We have been through four server and computer replacements... over the years all of which went smoothly. As technology has changed Palindrome has kept us current in their recommendations and are extremely responsive when we run into a software or hardware problem. We have been through hurricanes with Palindrome and felt confident they would have us up and running as quickly as possible and despite the fact we are probably a smaller client, they have treated us as one of their most important clients. I highly recommend Palindrome and have complete confidence in their capabilities and service. They have even gone the extra mile when we wanted to donate our old computers to a children's special needs school and delivered the computers, set them up and provided service for the same. Ilan Sredni is the consummate professional and has surrounded himself with top professionals and skilled technicians.read more

Nelson T

20:32 25 Jun 19

Palindrome Consulting has proven itself time and time again to be the epitome of professionalism and technical... expertise. They take the time to listen to your needs and then apply their wealth of technical knowledge to create truly innovative and robust solutions. They truly deliver piece of mind.read more

Next Reviews

Has Malware Made a Home in Your Router?

Interested in making a change in IT service companies? Let's chat.

Recent Insights From The Palindrome Blog

Schedule your No-Obligation IT Assessment with Palindrome Consulting

Check Out The Latest Tips & Tricks & Technology News.

Everyone’s Adopting This New Secret To Stronger Cybersecurity…

3 Ways Businesses Are Evolving Their Cybersecurity

How Microsoft Teams Supports Your Business Culture

Paying Too Much For Managed IT Services?