
Has Malware Made a Home in Your Router?

Jun 18, 2018 | Alerts, MyTek Blog



Like anyone else, hackers and cybercriminals gravitate toward high-reward activities. In this case, that means malware is often built to attack the router, which lets it potentially infect the users who connect to it wirelessly for Internet access. Kaspersky Lab researchers discovered one example of this malware, which we will discuss today so your network can be prepared and protected against it.


This threat, nicknamed Slingshot, usually targets MikroTik routers. It is usually used to spy on PCs that are connected to the router, and it does this by replacing a library file with a malicious alternative that can download other pieces of malware and load them into the system. This threat can bypass security systems without being detected. It then launches a two-pronged attack: one part manages the malware to preserve it, and the other leverages low-level kernel code to give an intruder carte blanche access to the entire system.

This might sound impressive, but it isn’t all Slingshot can do. It can also access additional code from encrypted virtual file systems, and it can do so without crashing the host. Given this complexity and quality, the experts at Kaspersky Lab concluded that the attack had to be state-sponsored. The malware has been found to be able to collect any data it wants from a target, such as passwords, keystrokes, screenshots, and network traffic.

MikroTik has released a patch for its routing firmware, but it is unknown whether routers from other manufacturers can be affected in the same way by this malware. If they can, Slingshot could become a much larger issue.

Other Router Malware and Router Security

Slingshot is not the only threat to routers; other risks affect them as well. Unfortunately, the security and fail-safes built into routers have proven to be unreliable. This is often because manufacturers build multiple systems without putting much into the security elements or keeping them up to date. That doesn’t take all of the blame off users, though. It is up to the user to make sure the router is updated, which many business professionals may not treat as a necessity but definitely should. The updating process can be challenging and time-consuming, but it needs to be done.

Hackers can change the DNS server settings on your router in order to attack your network. With altered DNS, an attempt to reach a secure website may be redirected to a phishing site. These sites are created often and are designed to fool targets, who may not realize they are being targeted until it is far too late.

In addition to these attacks, hackers often barrage targets with ads or infiltrate them through a drive-by download. Other attacks use cross-site request forgery, in which a hacker develops a rogue piece of JavaScript that attempts to load a router’s web-admin page in order to alter the router’s systems and settings and make it easy to infiltrate.

How to Mitigate Damage to You

When you believe you have become the target of a router-based attack, you should always confirm that something is actually wrong. One way to do this is to check whether your router’s DNS server settings have been changed. You can find them on the Internet connection screen of the router’s web-based setup page. If the setting is “automatic,” everything should be fine, but if it has been changed to “manual,” there is a big chance that it has been adjusted and that a custom DNS server has been entered.
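A client-side complement to the check above, as an added example that is not part of the original article: it audits the resolvers a Linux client received (resolv.conf-style text, assumed to reflect what the router hands out over DHCP) against the resolvers you expect. The sample file, the expected resolver addresses and the LAN range are constructed assumptions.

```python
import ipaddress

# Constructed sample: resolver config as a DHCP client might write it after
# the router's DNS setting was switched to a manual, unknown server.
SAMPLE_RESOLV_CONF = """\
# generated by DHCP client (constructed sample)
search lan
nameserver 192.168.88.1
nameserver 203.0.113.53   # not one of ours
nameserver fe80::1%eth0
nameserver not-an-ip
"""

# Assumptions: the resolvers you expect (e.g. your ISP's) and your LAN range.
EXPECTED = {"198.51.100.1", "198.51.100.2"}
LAN = ipaddress.ip_network("192.168.88.0/24")


def parse_nameservers(text):
    """Return the nameserver values from resolv.conf-style text, in order."""
    servers = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def classify(server, expected=EXPECTED, lan=LAN):
    """Label one resolver: expected, lan, link-local, unexpected or invalid."""
    try:
        addr = ipaddress.ip_address(server.split("%", 1)[0])  # strip zone id
    except ValueError:
        return "invalid"
    if str(addr) in expected:
        return "expected"
    if addr.is_link_local:
        return "link-local"
    if addr.version == lan.version and addr in lan:
        return "lan"   # router forwards; its upstream DNS still needs checking
    return "unexpected"


def audit(text):
    """Return (server, verdict) pairs for every nameserver line."""
    return [(s, classify(s)) for s in parse_nameservers(text)]


if __name__ == "__main__":
    for server, verdict in audit(SAMPLE_RESOLV_CONF):
        print(f"{server:20} {verdict}")
```

A "lan" verdict only shows that the router answers DNS itself, so the upstream servers on its setup page still have to be checked there.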

To limit the damage done during a compromise, you should check that your router matches the manufacturer’s set specifications. You can do this with the following steps:

  • Promptly install firmware updates: Keep your router’s firmware up to date so that it stays secure.
  • Disable remote access: To prevent someone from changing your settings without your knowledge, disable the router’s ability to be accessed remotely.
  • Disable UPnP: While this setting is often convenient, it isn’t very secure because it will trust any connection and request it receives, so you should disable it as well.
  • Change your access credentials: Always change your credentials from the default ones that came with the router.

For more information about cybersecurity and router security, give MyTek a call today at 623-312-2440.



Tim Tiller, LMSW

Tim Tiller, MSW brings a deep service background to his role at Mytek, having graduated from McDonald’s management training program, fresh out of high school, and working his way up through the ranks in the hospitality industry. He has led two prior companies – Multi-Systems Inc., an IT-focused organization providing technology to hospitality companies (where he was named President at age 36), and most recently, as Chief Operating Officer for Jewish Voice Ministries International.

