Slingshot malware that attacks routers may be state-sponsored espionage tool

Keeping up with security updates for our various connected devices could be a full-time job. Whether it’s our smartphones, our PCs, our home assistants, or other devices, seemingly not a day goes by that we don’t hear about one security vulnerability or another. This time around, it’s the most central device in our networks, the router, that’s under attack.

Kaspersky recently reported on a new, fairly sophisticated attack on MikroTik routers that its researchers described during the company’s Security Analyst Summit. Dubbed Slingshot, it is a rather tricky piece of malware that can collect all kinds of information from PCs that are attacked via a compromised router, including screenshots, passwords, keyboard data, and other information.

While Kaspersky notified MikroTik of the issue and that company has already resolved the vulnerability, Kaspersky believes that other routers could still be affected. What makes Slingshot so potentially dangerous is that it piggybacks on legitimate router downloads and file executions — in this case, DLL files — which are used to infect PCs with kernel-mode malware that runs on affected machines without causing crashes. This malware, dubbed Cahnadr, joins with another piece called GollumApp that gives attackers “complete control” over a PC.

Digging into the details, it’s clear that the malware is particularly sophisticated, so much so that Kaspersky’s researchers suspect it’s the work of a group that’s highly organized, professional, and likely to be state-sponsored. Given the kind of information that the malware seeks out, it’s also likely that it’s designed to perform cyber-espionage, and because it can access the system at a very low level, it’s capable of stealing any kind of information that exists on an infected PC.

There’s nothing we can do in response to attacks like Slingshot other than the single most important step: make sure that all of our devices are fully updated. Installing all OS and hardware updates is more important than ever, and that’s true not just for the most visible devices we use every day, like our smartphones and PCs, but also those hidden devices like routers that can serve as attack vectors for every other device on our networks.

Mark Coppock
Mark has been a geek since MS-DOS gave way to Windows and the PalmPilot was a thing. He’s translated his love for…