Malvertising and Router Malware

Malware is constantly evolving to be better, stronger, and faster. It is no longer limited to personal computers but spreads through networks and to networking devices as well. Zero-days appear in everything from IoT and mobile devices to powerful commercial-grade routers; yet somehow, many of us (vendors included) still take the security of our home networking devices for granted.

Creating strong SSID credentials is a good first step, but in the end it will only prevent some attacks. Home routers face a multitude of threats, and one in particular can easily go undetected: the router's DNS settings get hijacked, and most users never notice.

DNS hijacking malware can easily be picked up via malicious downloads or websites, code injected into a legitimate website, or even malicious advertisements (malvertising) served on legitimate sites. Once the DNS settings on a home router have been manipulated, attackers can redirect web traffic, downgrade HTTPS to HTTP (SSL stripping), block software updates, carry out man-in-the-middle attacks, steal sensitive information, and much more. Worse, a user who does not notice something like a missing "https" in the address bar may be fooled into entering sensitive information into forms on what they believe are trusted websites.

Just as with your SSID credentials, your router's admin login credentials should also be changed. These are a separate set of credentials, and it is important to ensure that both have been updated. Entire lists of default credentials are published all over the internet, so once the network has been infected it is not difficult for an attacker to work out how to gain admin access to your device. Herein lies a major part of the problem.

Check your manufacturer's documentation for how and where to reach the DNS configuration panel on your home router. Once you are in the panel, the DNS entries will likely be empty (or set to obtain servers automatically from your ISP) unless you configured them manually. If you see an entry you don't recognize, look up the IP address before trusting it. If something still feels wrong, run a virus scan on your computer(s) and restore your router to factory defaults.
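The check described above can be made routine with a small script. The example below is added here and is not part of the original post; it assumes you maintain your own allow-list of resolvers you chose on purpose (the post names none, so the addresses in TRUSTED_RESOLVERS are illustrative) and that your LAN prefix is 192.168.1.0/24. The sample entries are constructed to show each case: an unset field, the router's own LAN address, a trusted resolver, an unknown public address (a documentation-range IP standing in for "something you did not configure"), and a malformed value.

```python
import ipaddress

# Constructed sample of what a router's DNS panel might list (not taken from the page).
# "0.0.0.0" is how some firmware shows "not set / use ISP-assigned"; the rest are illustrative.
SAMPLE_ROUTER_DNS = ["0.0.0.0", "192.168.1.1", "1.1.1.1", "203.0.113.57", "not-an-ip"]

# Resolvers the household deliberately chose, or the ISP's documented servers.
# Assumption: the user keeps this list; the page names no specific resolver.
TRUSTED_RESOLVERS = {"1.1.1.1", "1.0.0.1", "8.8.8.8", "8.8.4.4", "9.9.9.9"}

# Home LAN prefix(es). The router itself often appears here because it forwards DNS. Assumed.
LAN_PREFIXES = [ipaddress.ip_network("192.168.1.0/24")]


def classify_entry(entry, trusted=TRUSTED_RESOLVERS, lan_prefixes=LAN_PREFIXES):
    """Return (entry, verdict, note) for a single DNS server field from the router panel."""
    raw = entry.strip()
    if raw == "":
        return (raw, "unset", "field is empty; the DHCP/ISP-assigned resolver will be used")
    try:
        ip = ipaddress.ip_address(raw)
    except ValueError:
        return (raw, "invalid", "not an IP address; firmware bug or tampering, investigate")
    if ip.is_unspecified:
        return (raw, "unset", "0.0.0.0 / :: means not configured")
    if any(ip in net for net in lan_prefixes):
        return (raw, "lan", "inside your own LAN, usually the router itself")
    # Normalise the allow-list so IPv6 spelling differences do not cause false alarms.
    trusted_ips = {ipaddress.ip_address(t) for t in trusted}
    if ip in trusted_ips:
        return (raw, "trusted", "on your allow-list")
    return (raw, "unknown", "not on your allow-list; look the address up before trusting it")


def audit_dns(entries, trusted=TRUSTED_RESOLVERS, lan_prefixes=LAN_PREFIXES):
    """Classify every DNS entry shown in the panel."""
    return [classify_entry(e, trusted, lan_prefixes) for e in entries]


def needs_attention(results):
    """Entries the post says to research: anything unknown or malformed."""
    return [r for r in results if r[1] in ("unknown", "invalid")]


if __name__ == "__main__":
    results = audit_dns(SAMPLE_ROUTER_DNS)
    for entry, verdict, note in results:
        print(f"{entry:>16}  {verdict:<8}  {note}")
    flagged = needs_attention(results)
    print(f"\n{len(flagged)} entries to investigate before trusting this router's DNS")
```

Run it after pasting the addresses from the router's panel into SAMPLE_ROUTER_DNS; anything reported as "unknown" or "invalid" is what the post tells you to research, and a LAN address is normally just the router forwarding DNS for the house. If the flagged addresses do not check out, the post's remedy applies: scan the computers and restore the router to factory defaults.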

Preventative measures help as well. First, keep your firmware up to date; many control panels alert the user on login that the device needs an update. Second, make sure the admin panel is not reachable from outside your network. Remote administration is unnecessary for most users and should be disabled; if you genuinely need it, ensure that the connection is encrypted.

If possible, log in to the panel regularly to review its settings; this helps catch malicious DNS changes and other router-based attack vectors early. It is better to be safe than sorry, and in the end, anyone can fall victim to something like malvertising.

Learn More:
http://www.routerpasswords.com
