Ever Wondered How Hackers Get Malware on Your Computer? Here Are Some Techniques

Hackers become more creative by adding more and more attacks to their repertoire.
Cybersecurity is a growing problem for every company, which is why companies have to train their employees properly and strengthen their security. As it gets harder and harder for attackers to access a company's systems, they are forced to change their strategy.
Let's take a look at some of these attacks to make you more aware of what's happening in the cyber world.
NFC Attacks
NFC is short for Near-Field Communication.
This technology is ubiquitous nowadays and you have probably used it before. It is especially used in stores when you are buying groceries or other products with your card.
Instead of inserting your card, you can hold your phone or smartwatch close to the reader, and it scans the tag automatically. This process is called contactless payment, and it is much faster than inserting your card and entering the PIN.
Also, Bluetooth uses NFC to simplify the pairing process. Normally, you would have to enter a code to connect to a Bluetooth device, but by moving the mobile device next to the Bluetooth device, it will automatically pair.
NFC can also be used for authentication processes, meaning it works as a key.
The only problem is that this creates many security concerns.
Someone could capture your data while you're using the NFC tag as a key. Since it is sent over a wireless network, the data has to be encrypted. If this is not the case, a simple DoS attack could occur, which results in a hacker getting ahold of your data.
Another important issue is the applications that you've installed that use NFC for authentication.
If someone steals your phone, they could easily use the NFC tag to access all of your applications with this technology. Therefore, there has to be an extra layer of protection implemented.
Watering Hole Attack
Instead of infecting you directly, attackers infect a website that you are very likely to visit. Their goal is to target a specific group of people, so they infect a third party's website that these people are likely to visit.
An easy example would be that an attacker targets a specific forum where cyber students regularly get their resources from.
This forum or third-party website is referred to as the watering hole.
Hackers hope that many students visit this website and "come and take a drink". Once the watering hole is infected, employees visit this website and are infected themselves.
To be successful, hackers have to get properly informed. They have to understand which website they can infect.
Another example.
If a hacker finds out where many employees like to order food from, like a popular restaurant around the corner, they can infect this website and as soon as the employees order their food or click on a specific link, their system is infected.
So basically, a watering hole attack is a strategy where a specific group is targeted. But sometimes, hackers have to infect a site that many people visit, resulting in infecting everyone, but they're still hoping that their target is one of those victims.
How to Block and Allow Specific Applications
We know that there are many ways to exploit a device, and this is why the security configurations have to be adjusted properly to prevent that from happening.
There are several configurations, for example, defining what applications are allowed and not allowed on the endpoint (devices). If you download an app from a website, this application can contain malicious software which would harm your device.
By implementing an "approved list", meaning a list of which applications you are allowed to download and which are not, nothing will run unless it is approved.
Obviously, it is a very limited list, therefore you would have to contact the IT security team to download applications that are outside of that list.
An alternative would be a "block list": a list that specifies applications that are not allowed to be downloaded. This way, you can download anything that is not included in that block list.
However, if the security software detects potentially malicious software, then it gets removed from the system and placed in a "quarantine" area. This could be a folder on the device where no other applications run. Later, the security team can look into the folder and go through an analysis process.
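To make the difference between the two lists concrete, here is a small added example (not from any real security product) that checks the same files against an approved list and a block list, then quarantines the block-listed one. Identifying files by SHA-256 hash, the file names and the `.quarantined` suffix are assumptions made for the illustration.

```python
import hashlib
import os
import shutil
import tempfile

def sha256_of(path):
    """Identify a file by its content hash, so renaming it does not change the verdict."""
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def decide(digest, mode, listed):
    """mode='approved': only listed hashes run. mode='block': listed hashes are stopped."""
    if mode == "approved":
        return "run" if digest in listed else "block"
    if mode == "block":
        return "block" if digest in listed else "run"
    raise ValueError(f"unknown policy mode: {mode}")

def quarantine(path, quarantine_dir):
    """Move a blocked file out of the way and strip write/execute permission."""
    os.makedirs(quarantine_dir, exist_ok=True)
    # Name the copy after its hash so same-named files cannot overwrite each other.
    dest = os.path.join(quarantine_dir, sha256_of(path) + ".quarantined")
    shutil.move(path, dest)
    os.chmod(dest, 0o400)  # readable for later analysis, not executable
    return dest

def demo():
    """Constructed sample files standing in for downloaded applications."""
    work = tempfile.mkdtemp()
    samples = {"editor.bin": b"approved editor build",
               "game.bin": b"unreviewed download",
               "dropper.bin": b"known-bad sample (constructed)"}
    paths = {}
    for name, body in samples.items():
        paths[name] = os.path.join(work, name)
        with open(paths[name], "wb") as fh:
            fh.write(body)
    approved = {sha256_of(paths["editor.bin"])}
    blocked = {sha256_of(paths["dropper.bin"])}
    verdicts = {}
    for name, path in paths.items():
        digest = sha256_of(path)
        # Each tuple is (verdict under the approved list, verdict under the block list).
        verdicts[name] = (decide(digest, "approved", approved),
                          decide(digest, "block", blocked))
    # Only the block-listed file is moved into the quarantine folder.
    moved_to = quarantine(paths["dropper.bin"], os.path.join(work, "quarantine"))
    return verdicts, paths, moved_to
```

The unreviewed `game.bin` is the interesting case: the approved list stops it, while the block list lets it run because nobody has listed it yet.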
Cross-Site Request
When you click on a website, everything you see on this webpage is not necessarily coming from one single server. All the data you see can be pulled from different servers.
Let's say you want to cook something fancy for dinner and you found a great recipe on a website. Not only do you get the full description of how to properly prepare your meal, but there is also a video included and pictures from Instagram.
The browser is going to load the whole content but it's getting this information not just from the website server that you've clicked on. The actual plain text that was written on this page is coming from one specific server, the video however, could come from the YouTube web server, and the pictures that are included come from Pinterest or Instagram, which would be another one. That makes 3 servers.
Most people don't think about where all this data is coming from, but it is quite interesting how many servers are included in this whole process. There is no need to log in to YouTube or Instagram because that information is provided to you via the website you are visiting.
Now, "Cross-Site Request Forgery" is an attack that takes advantage of the trust a web application has for the user. What does that mean?
If you are already logged in to Instagram, every time you visit Instagram, it is your actual account that is visiting the page. Now, the hacker could get your computer to create a request on their behalf using your credentials.
For example, a hacker sends you a link to your bank that includes a specific request; when you open it, it immediately forwards you to your bank.
When you click on the link, it automatically sends the request that the attacker has made, without you realizing it.
Your bank's web server will only see you as the one who's making the request, sending all the information that "you" demanded (but you didn't) to the attacker, since you are properly logged in.
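Seen from the bank's side, this is how a server can tell such a forged request from a genuine one. The following is an added example, not code from any real bank or framework; the session store, the `bank.example` origin, the account names and the function names are all constructed for the illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)          # hypothetical per-deployment secret
SESSIONS = {"sess-alice": "alice"}            # constructed session store: cookie -> user
TRUSTED_ORIGIN = "https://bank.example"       # placeholder site origin

def csrf_token_for(session_id):
    """Token the bank embeds in its own forms; another site cannot read or compute it."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def transfer_cookie_only(cookies, form):
    """'Before': trusts the session cookie alone, which the browser sends automatically."""
    user = SESSIONS.get(cookies.get("session"))
    if user is None:
        return 401, "not logged in"
    return 200, f"{user} sent {form['amount']} to {form['to']}"

def transfer_protected(cookies, headers, form):
    """'After': the request must also prove it came from the bank's own page."""
    session_id = cookies.get("session")
    user = SESSIONS.get(session_id)
    if user is None:
        return 401, "not logged in"
    origin = headers.get("Origin")
    if origin is not None and origin != TRUSTED_ORIGIN:
        return 403, "cross-site origin rejected"
    supplied = form.get("csrf_token", "")
    if not hmac.compare_digest(supplied, csrf_token_for(session_id)):
        return 403, "missing or invalid CSRF token"
    return 200, f"{user} sent {form['amount']} to {form['to']}"

def demo():
    cookies = {"session": "sess-alice"}       # attached by the browser to every bank request
    # Constructed request triggered from a link on another site: no token available.
    forged = {"to": "acct-999", "amount": "500"}
    forged_headers = {"Origin": "https://other-site.example"}
    # Request submitted from the bank's own form, which carries the token.
    genuine = dict(forged, to="acct-123", csrf_token=csrf_token_for("sess-alice"))
    return {
        "before_forged": transfer_cookie_only(cookies, forged)[0],
        "after_forged": transfer_protected(cookies, forged_headers, forged)[0],
        "after_forged_no_origin": transfer_protected(cookies, {}, forged)[0],
        "after_genuine": transfer_protected(cookies, {"Origin": TRUSTED_ORIGIN}, genuine)[0],
    }
```

The cookie is identical in all four requests, which is why the cookie-only handler cannot tell them apart; the token and the `Origin` check are what separate the bank's own form from a link on another site.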