Even though malicious actors continue to score successes with time-honored cyber-attack techniques that prey on the greed, ignorance, poor judgment, or lack of virtual “street smarts” of unsuspecting users, recent years have seen an evolution in hacker methodology.
Sophisticated technologies and frankly ingenious uses of simple ideas are empowering a new breed of hacker, and new strains of malware. In this article, we’ll be looking at some of the more common stealth-based “sneak attacks” being perpetrated by these advanced assailants.
1. Bait and Switch Ploys
One of the oldest tricks in the book, given an online/digital twist: show your target something they’ll really want, then switch it out at the last minute for something they’d probably be willing to pay you to get rid of.
These ploys are a favorite of cyber-criminals who target paid advertising networks. They’ll create a genuine-looking credential and URL trail to fool network administrators into selling them commercial space – but once the ads go live, unsuspecting visitors following their links will end up on booby-trapped websites laced with malware, subscription forms that scoop up personal information, etc.
The scam works with giveaways as well, such as site emblems or hit counters – the underlying code of which may be malicious in one way or another.
Due diligence, “buyer beware” caution, and the will to resist “too good to be true” offers are your best protection, here.
2. Cookie Theft
Those little text files or “cookies” that websites and portals deposit in your browser or application cache are intended to make it easier for you to log into your various accounts or experience sites according to your pre-set environment conditions.
They do this by storing details such as your password and other personally identifiable information (PII). If the sites you visit aren’t properly secured, this may be done in plain text, which can be read by anyone who gets access to those cookies, which is why stealing them is an attractive prospect for hackers.
Cookie theft isn’t a complex task. These days, there are specialist utilities for doing it automatically.
Preventing cookie theft relies on keeping your device physically out of unauthorized hands. Digitally, visiting only sites that use a secure transfer protocol such as TLS (or its predecessor, SSL), and verifying the locked padlock icon and the https:// prefix before URLs, is the recommended practice.
Clearing your browser and app caches regularly is also wise. And using a Virtual Private Network or VPN provides encryption and added protection while you’re online.
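The article’s point is that a cookie is only as safe as the attributes the site sets on it. The following is an added example (not code from the article) that audits Set-Cookie response headers for the attributes that limit theft: Secure (never sent over plain http://), HttpOnly (not readable by page scripts), and SameSite (not sent on cross-site requests), and flags cookie names that suggest a credential rather than an opaque token is being stored. The sample headers and the credential-hint list are constructed for illustration.

```python
"""Audit Set-Cookie headers for the attributes that limit cookie theft.

Added illustration, not code from the article. Standard library only; the
sample headers below are constructed and come from no real site.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple, Union

Attrs = Dict[str, Union[str, bool]]

# Cookie names suggesting a credential (not an opaque session token) is stored
# client-side. Constructed heuristic list.
CREDENTIAL_HINTS = ("pass", "pwd", "secret")


@dataclass
class CookieFinding:
    name: str
    problems: List[str] = field(default_factory=list)


def parse_set_cookie(header_value: str) -> Tuple[str, Attrs]:
    """Split 'name=value; Attr; Attr=val' into the cookie name and a
    lower-cased attribute map. Flag attributes (no '=') map to True."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs: Attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        if "=" in part:
            key, value = part.split("=", 1)
            attrs[key.strip().lower()] = value.strip()
        else:
            attrs[part.lower()] = True
    return name, attrs


def audit_set_cookie(header_value: str) -> CookieFinding:
    """Return the cookie name plus the weaknesses that make it easier to
    steal, or more damaging once stolen."""
    name, attrs = parse_set_cookie(header_value)
    finding = CookieFinding(name)
    if "secure" not in attrs:
        finding.problems.append("missing Secure: sent over plain http://")
    if "httponly" not in attrs:
        finding.problems.append("missing HttpOnly: readable by page scripts")
    samesite = attrs.get("samesite")
    if samesite is None or samesite is True:
        finding.problems.append("missing SameSite: sent on cross-site requests")
    elif str(samesite).lower() == "none":
        finding.problems.append("SameSite=None: sent on cross-site requests")
    if any(hint in name.lower() for hint in CREDENTIAL_HINTS):
        finding.problems.append("name suggests a credential is stored in the cookie")
    return finding


def audit_all(headers: List[str]) -> List[CookieFinding]:
    return [audit_set_cookie(h) for h in headers]


# Constructed samples: a well-configured session cookie, a plain-text
# password cookie with no protection, and a preference cookie sent cross-site.
SAMPLE_HEADERS = [
    "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "password=hunter2; Path=/",
    "prefs=dark; Path=/; Secure; SameSite=None",
]

if __name__ == "__main__":
    for finding in audit_all(SAMPLE_HEADERS):
        status = "ok" if not finding.problems else "; ".join(finding.problems)
        print(f"{finding.name}: {status}")
```

Run it against the Set-Cookie lines your own site returns (for example, copied from the browser’s developer tools): the first sample passes, the second is exactly the plain-text credential cookie the article warns about, and the third is readable by scripts and travels with cross-site requests.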
3. Drive-By Downloads
Booby-trapped websites are a popular attacking tool, and cyber-criminals can set up pages rigged with malicious code that exploits the vulnerabilities that they’ve studied and identified in web browsers and web-enabled applications.
Once a visitor with a vulnerable browser or app visits the hacker’s site, this code can automatically download and activate malware on the user’s machine without their knowledge, in a so-called “drive-by download”.
“Incautious” and “unprotected” are the two conditions to avoid if you want to keep yourself safe. Drive-by download sites attract visitors by invitation, so exercise some due diligence with those too-good-to-be-true offers and opportunities. Having an up-to-date anti-virus/anti-malware suite and a personal firewall application on your device provides layers of digital protection against malicious code.
4. Fake Wireless Access Points (WAPs)
With the words “free public WiFi” and “hotspot” now hardwired into users’ DNA to trigger a mad rush to browse, shop, and hashtag stuff, hackers have long appreciated the advantages of setting up fake wireless access points (WAPs) and waiting for all those suckers to log in.
Then, using keyloggers, sniffing tools, and other data mining techniques, they can scour the unsecured networks they’ve put in place for user credentials, financial information, intellectual property, or pretty much whatever they want.
Check with employees or management at the hotspot’s location for the real name and login procedure of their authorized network, restrict your online activities to sites and transactions that don’t require you to enter sensitive information, and use a VPN to encrypt and isolate your connection, and you should be safe enough.
5. File Renaming
The limited ability of computer operating systems to distinguish between similar-looking file names has been a gift to hackers since the dawn of the digital age.
Hiding the extensions of executable files or scripts (.exe, .js, and so on) inside long, run-on file names that present themselves as innocent image, text, or media files is a common way of concealing malware. Special Unicode characters such as the Right-to-Left Override (U+202E) allow today’s sophisticated hackers to shift the visible position of a malware file’s extension within the file name itself.
Your best defense is knowing the precise nature and name of the files you receive and use. If you’re unsure, verify their origins from the source – and don’t use them unless you’re certain of what they are.
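To make the “know the precise nature and name of the file” advice concrete, here is an added example (not from the article) of a defensive check that inspects a file name for the tricks described above: Unicode bidirectional controls such as U+202E, a double extension that ends in an executable type, and a run of spaces that pushes the real extension out of view. It also approximates how a file manager would display a name containing the Right-to-Left Override, which is what makes the trick work. The extension lists and sample names are constructed and not exhaustive.

```python
"""Flag file names that disguise an executable as a document or image.

Added illustration, not code from the article. The sample names are
constructed; the extension lists are a common selection, not exhaustive.
"""
import unicodedata
from typing import List

# Unicode bidirectional controls that can reorder or hide visible text.
BIDI_CONTROLS = {"\u202a", "\u202b", "\u202c", "\u202d", "\u202e",
                 "\u2066", "\u2067", "\u2068", "\u2069"}
RLO = "\u202e"  # Right-to-Left Override, the character the article names

EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse",
                   "vbs", "vbe", "wsf", "hta", "msi", "ps1", "jar", "lnk"}
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "jpeg",
                 "png", "gif", "mp3", "mp4", "zip"}


def as_displayed(name: str) -> str:
    """Approximate what a file manager shows: text after a Right-to-Left
    Override is drawn reversed, and the controls themselves are invisible.
    (Full bidi layout is more involved; this covers the extension trick.)"""
    if RLO in name:
        before, after = name.split(RLO, 1)
        after = "".join(ch for ch in after if ch not in BIDI_CONTROLS)
        return before + after[::-1]
    return "".join(ch for ch in name if ch not in BIDI_CONTROLS)


def inspect_filename(name: str) -> List[str]:
    """Return the reasons a name looks deceptive (empty list if none)."""
    reasons: List[str] = []
    for ch in name:
        if ch in BIDI_CONTROLS:
            reasons.append(f"contains bidi control {unicodedata.name(ch)}; "
                           f"displayed as {as_displayed(name)!r}")
            break
    clean = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    raw_parts = clean.lower().split(".")
    parts = [p.strip() for p in raw_parts]
    real_ext = parts[-1]
    # A document extension directly before an executable one: invoice.pdf.exe
    if len(parts) >= 3 and real_ext in EXECUTABLE_EXTS and parts[-2] in DOCUMENT_EXTS:
        reasons.append(f"double extension: looks like .{parts[-2]} but runs as .{real_ext}")
    # The extension the user sees differs from the one the OS acts on.
    shown_ext = as_displayed(name).lower().rsplit(".", 1)[-1].strip()
    if real_ext in EXECUTABLE_EXTS and shown_ext != real_ext:
        reasons.append(f"displayed extension .{shown_ext} differs from real extension .{real_ext}")
    # Spaces padding an earlier part of the name push the real extension out of view.
    padding = max((len(r) - len(r.strip()) for r in raw_parts[:-1]), default=0)
    if real_ext in EXECUTABLE_EXTS and padding >= 5:
        reasons.append("long run of spaces hides the real extension")
    return reasons


# Constructed sample names covering a clean file and the three tricks.
SAMPLE_NAMES = [
    "holiday.jpg",
    "invoice.pdf.exe",
    "report\u202efdp.exe",
    "notes.txt          .js",
]

if __name__ == "__main__":
    for sample in SAMPLE_NAMES:
        print(f"{as_displayed(sample)!r}: {inspect_filename(sample) or 'looks ordinary'}")
```

The third sample is the U+202E case: the operating system sees a name ending in .exe, while the user sees “reportexe.pdf”. A check like this belongs at the point where files enter an organisation (mail gateway, upload handler, download folder monitor) rather than relying on a person to notice.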
6. Lousy Hosts
The Windows operating system includes a file called Hosts, which is related to the DNS (Domain Name System) and was originally used to resolve host names to IP addresses without having to connect to a DNS server.
Sophisticated hackers and malware can write their own amendments to the Hosts file, which will redirect users to malicious sites if they type in a common domain name. The redirect typically leads to a duplicate site that’s been designed to look like the real thing.
Taking regular safe backups of your system will give you a basis for comparing the current state of your Hosts file with its previous (secure) condition.
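The comparison the article recommends can be automated. The following is an added example (not from the article) that parses hosts-file text into a map of host name to addresses, diffs the current file against a baseline copy, and separately calls out any new or changed entry that points a host name at a non-loopback address, which is the redirect pattern described above. Both file contents are constructed samples; the host names and the 203.0.113.x address are placeholders. On a real system you would read C:\Windows\System32\drivers\etc\hosts (or /etc/hosts) and the copy from a trusted backup.

```python
"""Compare a hosts file against a known-good baseline and flag changes.

Added illustration, not code from the article. Both file contents are
constructed samples; the host names and addresses are placeholders.
"""
import ipaddress
from typing import Dict, List, Set, Tuple

HostMap = Dict[str, Set[str]]


def parse_hosts(text: str) -> HostMap:
    """Map each host name to the set of addresses the file assigns it.
    Comments (# ...) and blank lines are ignored; names are lower-cased."""
    mapping: HostMap = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        address, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(address)
        except ValueError:
            continue  # malformed line, not a usable mapping
        for name in names:
            mapping.setdefault(name.lower(), set()).add(address)
    return mapping


def is_loopback(address: str) -> bool:
    return ipaddress.ip_address(address).is_loopback


def diff_hosts(baseline: HostMap, current: HostMap) -> List[Tuple[str, str]]:
    """Return (host, reason) pairs for entries added, changed or removed.
    A new or changed entry that resolves to a non-loopback address gets an
    extra finding, because that is how a redirect to a look-alike site works."""
    findings: List[Tuple[str, str]] = []
    for host, addrs in sorted(current.items()):
        if host not in baseline:
            findings.append((host, "added: " + ", ".join(sorted(addrs))))
        elif addrs != baseline[host]:
            findings.append((host, "changed: " + ", ".join(sorted(baseline[host]))
                             + " -> " + ", ".join(sorted(addrs))))
        else:
            continue
        if any(not is_loopback(a) for a in addrs):
            findings.append((host, "points a host name at a non-loopback address; possible redirect"))
    for host in sorted(set(baseline) - set(current)):
        findings.append((host, "removed"))
    return findings


# Constructed baseline: the stock file contains only loopback entries.
BASELINE_HOSTS = """\
# Stock hosts file (constructed sample)
127.0.0.1 localhost
::1       localhost
"""

# Constructed current file: two lines have been appended since the backup.
CURRENT_HOSTS = """\
127.0.0.1 localhost
::1       localhost
203.0.113.7 www.example-bank.invalid   # redirect to a look-alike site
127.0.0.1 update.example-av.invalid    # blocks a vendor's update server
"""

if __name__ == "__main__":
    for host, reason in diff_hosts(parse_hosts(BASELINE_HOSTS), parse_hosts(CURRENT_HOSTS)):
        print(f"{host}: {reason}")
```

Scheduling this comparison (and alerting on any non-empty result) turns the article’s “compare with your backup” advice into a detection rather than something you remember to do after the fact.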
7. Malvertising
Pop-ups and sidebars advertising various commodities have become a recognized and accepted part of the digital landscape, and that’s why cyber-criminals are using them as a tool for plying their own trade.
“Malvertising” or malicious advertising may operate through direct action (clicking on a panel triggers a download of malware) or as “click-bait” leading to spoofed or booby-trapped sites where malware is delivered, or personal and financial information may be extracted by various means.
Security software (anti-malware and personal firewalls) will protect you to some extent, but common sense, caution, and an ability to resist temptation will serve you better.
8. Man-in-the-Middle (MitM) Attacks
Sophisticated hackers can intercept the data stream between two communicating parties on an unsecured network, without being detected. In these “man-in-the-middle” (MitM) attacks, the attacker may eavesdrop on what’s being said, insert their own input to corrupt or confuse matters, or even hijack a session entirely.
Securing the connection between server (sender) and client (recipient) is essential to avoiding this, and using a VPN guarantees encryption and security between the two.
9. Relative vs. Absolute Location
A problem mainly peculiar to legacy versions of Windows (other operating systems have rectified it, to a large extent), this exploits the tendency of vulnerable systems to search for a file you specify by name starting in the current directory.
This fault may be exploited by cunning hackers who (by eavesdropping, packet sniffing, or other methods of surveillance) establish which folders, files, and applications you habitually use, and then substitute their own malicious files or apps for those in your habitual directories. Run a search, and you could find yourself running malware or opening files you really shouldn’t.
Upgrading your operating system to one that uses absolute location (specific directory names, default system areas, initially) is your solution to this problem.
10. Spear Phishing
Clever social engineering tactics have given the traditional practice of phishing (using tempting, threatening, or compelling email messages to lure unsuspecting recipients to divulge personal and financial information, open attachments, or visit spoofed websites) an added bite.
By studying the work habits, contacts, and online activities of high-value targets, sophisticated hackers are now crafting tailored email lures for their victims, often with a specific objective in mind. Senders masquerading as known and trusted associates (or using their hacked email accounts) can send out legitimate-seeming requests for business and financial information, money, or intellectual property – with a greater likelihood of receiving a favorable response.
Verification is your best defense, here. If you’re unsure that the sender of a message is genuine – or if the content of the message itself is dubious – contact the supposed source directly, by some other means. Mobile phones aren’t just for email, and physical offices still exist.
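Before picking up the phone, a few of the signals that a spear-phishing message is not what it claims can be checked in the message headers themselves. This added example (not from the article) inspects the From display name, the sending domain, and the Reply-To header for the “masquerading as a known associate” patterns described above, plus a crude subject check for pressure to act on money. The sample message, the trusted domain, and the keyword list are constructed for illustration.

```python
"""Flag sender details that suggest an impersonating message.

Added illustration, not code from the article. Standard-library email
parsing; the sample message, trusted domain and keywords are constructed.
"""
import email
import re
from email.utils import parseaddr
from typing import List, Set

TRUSTED_DOMAINS: Set[str] = {"example.com"}  # constructed: the organisation's own domain
PRESSURE_WORDS = ("urgent", "wire", "transfer", "invoice")  # constructed list

ADDRESS_RE = re.compile(r"[\w.+-]+@[\w.-]+")


def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def check_sender(raw_message: str, trusted: Set[str] = TRUSTED_DOMAINS) -> List[str]:
    """Return the reasons a message's sender looks suspicious (empty if none)."""
    msg = email.message_from_string(raw_message)
    reasons: List[str] = []
    display, addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(addr)

    # 1. The display name shows an address that the real sending address is not.
    shown = ADDRESS_RE.search(display)
    if shown and domain_of(shown.group(0)) != from_domain:
        reasons.append(f"display name shows {shown.group(0)} but the address is {addr}")

    # 2. Look-alike domain: contains a trusted name but is not that domain.
    for trusted_domain in trusted:
        label = trusted_domain.split(".")[0]
        if from_domain != trusted_domain and label in from_domain:
            reasons.append(f"look-alike domain {from_domain} resembles {trusted_domain}")

    # 3. Reply-To diverts the conversation to a different domain than From.
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and domain_of(reply) != from_domain:
        reasons.append(f"Reply-To {reply} goes to a different domain than From")

    # 4. Subject pushes for a financial action (crude; verify out of band).
    subject = (msg.get("Subject") or "").lower()
    if any(word in subject for word in PRESSURE_WORDS):
        reasons.append("subject presses for a financial action; verify by another channel")
    return reasons


# Constructed sample: an impersonation of an executive at example.com.
SUSPICIOUS_MESSAGE = """\
From: "CEO ceo@example.com" <ceo@example-com.invalid>
Reply-To: ceo.office@mail.invalid
To: finance@example.com
Subject: Urgent wire transfer before 5pm

Please process the attached invoice today.
"""

# Constructed sample: an ordinary internal message.
ORDINARY_MESSAGE = """\
From: "Jane Doe" <jane@example.com>
To: finance@example.com
Subject: Lunch on Thursday?

Same place as last time?
"""

if __name__ == "__main__":
    for label, text in (("suspicious", SUSPICIOUS_MESSAGE), ("ordinary", ORDINARY_MESSAGE)):
        print(label, check_sender(text) or "no header findings")
```

None of these checks proves a message is malicious, and a compromised genuine account will pass all of them, which is why the article’s out-of-band verification remains the real defense; the checks simply make the obvious impersonations visible before anyone acts on them.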
11. Watering Hole Attacks
Just as spear phishing targets victims based on their expected or habitual behaviors, watering hole attacks target their victims based on the websites where they usually hang out.
Entertainment sites, social media platforms, popular WiFi hotspots, online marketplaces, and e-commerce portals: These are common “watering holes” where large groups of potential victims may be known to gather – and the kind of sites that sophisticated hackers create spoofed duplicates of, to distribute malware or harvest data from by recording keystrokes or the input of online forms and text boxes.
Awareness of the potential risks and due diligence are key to user protection, here. Threat intelligence and security awareness training are advisable for individual and corporate users, alike.