Have you heard about the new malware called “Slingshot” that’s straight out of a Hollywood movie? Used by online spies since 2012, Slingshot can take control of your WiFi router to have complete access to your devices connected to WiFi?
This malware can hide in your router and extract personal information for your device for months without your knowledge. No images of skeletons dancing in your screen, or no signs of being hacked like typical virus attack visuals you see in movies!
The analysis suggests Slingshot collects screenshots, keyboard data, network data, passwords, USB connections, other desktop activity, clipboard data and more, although its kernel access means it can steal whatever it wants.
So far, researchers have seen around 100 victims of Slingshot and its related modules, located in Kenya, Yemen, Afghanistan, Libya, Congo, Jordan, Turkey, Iraq, Sudan, Somalia and Tanzania.
Most of the victims appear to be targeted individuals rather than organizations, but there are some government organizations and institutions. Kenya and Yemen account for most of the victims observed so far.
Certify your team in cybersecurity before your company is hit by a cyberattack
“Slingshot is a sophisticated threat, employing a wide range of tools and techniques, including kernel mode modules that have to date only been seen in the most advanced predators. The functionality is very precious and profitable for the attackers, which could explain why it has been around for at least six years,” said Alexey Shulmin, Lead Malware Analyst, Kaspersky Lab.
How to avoid this attack
Share these tips from Kaspersky Lab with a networking expert to safeguard yourself from Slingshot:
- Users of Mikrotik routers should upgrade to the latest software version as soon as possible to ensure protection against known vulnerabilities. Further, Mikrotik Winbox no longer downloads anything from the router to the user’s computer
- Use a proven corporate-grade security solution in combination with anti-targeted attack technologies and threat intelligence
- Provide security staff with access to the latest threat intelligence data, which will arm them with helpful tools for targeted attack research and prevention, such as indicators of compromise (IOC), YARA and customized advanced threat reporting
- If you spot early indicators of a targeted attack, consider managed protection services that will allow you to proactively detect advanced threats, reduce dwell time and arrange a timely incident response