There are a number of ways a hacker can target any of your systems, networks and devices. Here are a few methods that someone intent on hacking you can use to invade your life, business and personal information. Follow the guidelines below to reduce the chances of you becoming a target.
1. Client side attack:
A client-side attack is when an attacker uses trickery to get the target to give them physical access to your network or system. Many times the attacker will do their recon, then start to create the attack simulation. They will build multiple payloads and deploy them in many different ways. Payloads are then installed on various different devices. This could be anything from a simple programmed memory card left lying around close to the target. The attacker could also send encrypted payloads through email using various different encoding methods. The attacker could also log on to your router at home (IF YOUR PASSWORD IS WEAK). The attacker can then monitor all of your devices to see on which of them he could execute something called cross-site scripting (XSS). There are many ways that a target can get "tripped up". By simply clicking a link on a social media site you could inadvertently allow someone access to your device or router. Using this type of attack an attacker could sit anywhere in the world and devastate your privacy. They could access your mobile phone and use it just as you can, with full functional use, including downloading all of your content.
How to stop this type of attack? Ensure all passwords include upper case, lower case, numbers, slashes and hashes. If possible, create strange sentences for your passwords. This greatly reduces the chances of losing all of your privacy.
2. Remote access with remote code execution.
This method of access is somewhat harder for the untrained hacker. It is a very complex way of generating a coded file that, once sent remotely, allows the attacker access to the target computer. These kinds of exploits normally work on systems that are out of date and have not been updated. These attacks are harder to find: they can lie dormant in a system, and once activated they have a devastating effect on any network or system and will have a constant total effect until the files have been found and removed. If you have been accessed remotely you may never find this type of attack, especially if the attacker has in-depth knowledge of code and has written the code in a new programming language invented by the code's creator. The only way to protect against this type of attack is to make sure that you update all of the systems and programs in your network before they become out of date and vulnerable.
How to stop this type of attack? Ensure that all of the systems you operate not only have a secure password but are also updated with the manufacturer's patches as soon as a vulnerability is disclosed. Doing this will reduce the probability of having your network or computer infiltrated by a hacker.
3. SQL injection used on websites
SQL Injection (SQLi) is a type of injection attack that makes it possible to execute malicious SQL statements. These statements control a database server behind a web application. Attackers can use SQL Injection vulnerabilities to bypass application security measures. They can go around authentication and authorization of a web page or web application and retrieve the content of the entire SQL database. They can also use SQL Injection to add, modify, and delete records in the database.
An SQL Injection vulnerability may affect any website or web application that uses an SQL database such as MySQL, Oracle, SQL Server, or others. Criminals may use it to gain unauthorized access to your sensitive data: customer information, personal data, trade secrets, intellectual property, and more. SQL Injection attacks are one of the oldest, most prevalent, and most dangerous web application vulnerabilities. The OWASP organization (Open Web Application Security Project) lists injections in their OWASP Top 10 2017 document as the number one threat to web application security.
How and Why Is an SQL Injection Attack Performed?
To make an SQL Injection attack, an attacker must first find vulnerable user inputs within the web page or web application. A web page or web application that has an SQL Injection vulnerability uses such user input directly in an SQL query. The attacker can then craft input content. Such content is often called a malicious payload and is the key part of the attack. After the attacker sends this content, malicious SQL commands are executed in the database.
SQL is a query language that was designed to manage data stored in relational databases. You can use it to access, modify, and delete data. Many web applications and websites store all the data in SQL databases. In some cases, you can also use SQL commands to run operating system commands. Therefore, a successful SQL Injection attack can have very serious consequences.
- Attackers can use SQL Injections to find the credentials of other users in the database. They can then impersonate these users. The impersonated user may be a database administrator with all database privileges.
- SQL lets you select and output data from the database. An SQL Injection vulnerability could allow the attacker to gain complete access to all data in a database server.
- SQL also lets you alter data in a database and add new data. For example, in a financial application, an attacker could use SQL Injection to alter balances, void transactions, or transfer money to their account.
- You can use SQL to delete records from a database, even drop tables. Even if the administrator makes database backups, deletion of data could affect application availability until the database is restored. Also, backups may not cover the most recent data.
- In some database servers, you can access the operating system using the database server. This may be intentional or accidental. In such case, an attacker could use an SQL Injection as the initial vector and then attack the internal network behind a firewall.
- There are several types of SQL Injection attacks: in-band SQLi (using database errors or UNION commands), blind SQLi, and out-of-band SQLi. You can read more about them in the following articles: Types of SQL Injection (SQLi), Blind SQL Injection: What is it.
How to Prevent an SQL Injection
The only sure way to prevent SQL Injection attacks is input validation and parameterized queries, including prepared statements. The application code should never use the input directly in a query. The developer must sanitize all input, not only web form inputs such as login forms. They must remove potential malicious code elements such as single quotes. It is also a good idea to turn off the visibility of database errors on your production sites. Database errors can be used with SQL Injection to gain information about your database.
If you discover an SQL Injection vulnerability, for example using an Acunetix scan, you may be unable to fix it immediately. For example, the vulnerability may be in open source code. In such cases, you can use a web application firewall to sanitize your input temporarily.
To learn how to prevent SQL Injection attacks in the PHP language, see: Preventing SQL Injection Vulnerabilities in PHP Applications and Fixing Them. To find out how to do it in many other different programming languages, refer to the Bobby Tables guide to preventing SQL Injection.
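As an added example (not the page's or Acunetix's code), here is the pattern the prevention advice describes, using Python's sqlite3 on a constructed in-memory users table: the string-built query that an injection bypasses, beside its parameterized replacement with input validation and suppressed database errors. The table, the user name and the `USERNAME_RE` policy are assumptions made for this demonstration.

```python
import re
import sqlite3

# Constructed sample database; the password is stored in plain text only to
# keep the demonstration short (a real application stores a salted hash).
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_unsafe(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """Vulnerable form: the input is pasted into the SQL text, so a quote
    character in it ends the string literal and the rest is parsed as SQL."""
    sql = (f"SELECT name FROM users WHERE name = '{name}' "
           f"AND password = '{password}'")
    return conn.execute(sql).fetchone() is not None


USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")   # assumed username policy

def login_safe(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """Fixed form: validate the input first, then use a prepared statement
    with bound parameters.  The driver passes the values as data, never as
    SQL text, so what the user typed cannot change the query's structure."""
    if not USERNAME_RE.match(name):
        return False            # reject before the database is involved
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    try:
        row = conn.execute(sql, (name, password)).fetchone()
    except sqlite3.Error:
        # Log the detail server-side; never return the database error text
        # to the client, because it describes your schema to an attacker.
        return False
    return row is not None


def demo() -> dict:
    """Run both forms against the same inputs and return the outcomes."""
    conn = make_db()
    crafted = "' OR '1'='1"     # the classic scanner probe: closes the quote
    return {
        "unsafe_real_password": login_unsafe(conn, "alice", "correct horse"),
        "unsafe_crafted_input": login_unsafe(conn, "alice", crafted),  # True
        "safe_real_password": login_safe(conn, "alice", "correct horse"),
        "safe_crafted_input": login_safe(conn, "alice", crafted),      # False
    }
```

Only `login_safe` should ever reach a production code path; `login_unsafe` is kept side by side so the difference is visible.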
4. DNS Spoofing
Also known as DNS spoofing, DNS cache poisoning is an attack designed to locate and then exploit vulnerabilities that exist in a DNS, or domain name system, in order to draw organic traffic away from a legitimate server and over to a fake one. The threat of DNS cache poisoning made the news earlier this year in April when crypto giant MyEtherWallet’s DNS servers were hijacked and redirected legitimate users over to a phishing website.
As a result of the cache poisoning, multiple users were deceived into giving up their wallet keys before transferring their cryptocurrencies into another digital wallet associated with the hackers. All in all, the hackers stole around a hundred and sixty thousand dollars worth of Ethereum before the problem was identified and stopped.
This is just one example that illustrates how dangerous DNS cache poisoning can be. Another reason this kind of attack is dangerous is because it can easily spread from one DNS server to the next. In this article, we’ll cover the subject of how DNS cache poisoning works and then some solutions you can apply to stop it should it ever happen to you.
How Does DNS Cache Poisoning Work?
Each time your browser looks up a domain name, it has to contact a DNS server first. Domain Name Servers (DNS) are the Internet's equivalent of a phone book. They maintain a directory of domain names and translate them to Internet Protocol (IP) addresses. This is necessary because, although domain names are easy for people to remember, computers access websites based on IP addresses.
The server will then respond with at least one IP address (but usually more) for your computer to use to reach the domain name. Once the DNS has converted the domain name into an IP address that your computer can read, your computer connects to that address. Right now, your internet service provider is running multiple DNS servers, each of which caches (or saves) information from other servers as well. The Wi-Fi router you have in your home essentially acts like a DNS server as well, as it caches information from the servers of your ISP.
A DNS cache is “poisoned” when the server receives an incorrect entry. To put this into perspective, it can occur when a hacker gains control over a DNS server and then changes information in it. For instance, they may modify the information so that the DNS server would tell users to look for a certain website with the wrong address. In other words, the user would be entering the ‘correct’ name of the website, but then be sent to the wrong IP address, and specifically, to a phishing website.
Earlier, we mentioned that one of the reasons why DNS cache poisoning is dangerous is because of how quickly it can spread from one DNS server to the next. This happens if and when multiple internet service providers are receiving their DNS information from the now hacker-controlled server, which results in the ‘poisoned’ DNS entry spreading to those ISPs to be cached.
From that point on, it can spread to other DNS servers and home routers as well, as computers look up the DNS entry only to receive the wrong response, resulting in more and more people becoming victims of the poisoning. Only once the poisoned cache has been cleared on every affected DNS server will the issue be solved.
How To Protect Against DNS Cache Poisoning
One of the tricky aspects of DNS cache poisoning is that it is extremely difficult to determine whether the DNS responses you receive are legitimate or not. In the case of MyEtherWallet, they had very limited means to prevent the situation from occurring, and the issue was ultimately solved by their server providers.
Fortunately, there are still a number of measures that your organization can take to prevent such an attack from happening to you, so you should not be under the impression that DNS cache poisoning is impossible or nearly impossible to prevent.
For example, one thing you should do is have your DNS servers configured by an IT professional to rely very little on relationships with other DNS servers. This makes it much harder for a cyber-criminal to use their DNS server to corrupt their targets, meaning your own DNS server is less likely to be corrupted, and therefore you (and everyone in your organization) are less likely to be redirected to an incorrect website.
You can furthermore have your DNS servers configured to only store data that are related specifically to the requested domain and to limit query responses to only provide information that concerns the requested domain as well. The idea is that the server will be set up so that required services are the only ones permitted to run. By having additional services that are not required to run on your DNS server, you greatly increase the odds of an attack happening.
You should also ensure that the most recent version of your DNS server software is being used. This is because the most recent versions use security features such as source port randomization and cryptographically secure transaction IDs to help guard against poisoning attacks.
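As an added example (not code from the page or from any DNS software it refers to), here is a small Python model of the checks the last three paragraphs call for: a resolver-side acceptance test that drops a reply whose transaction ID or destination port does not match the outstanding query, and caches only records that belong to the zone the query was sent to. The `Query`/`Response` classes, the zone name and the addresses are constructed for this demonstration.

```python
import secrets
from dataclasses import dataclass

# Constructed model of a resolver's outstanding query and a server's reply.
@dataclass(frozen=True)
class Query:
    qname: str      # name asked, e.g. "www.example.com."
    txid: int       # 16-bit DNS transaction ID
    src_port: int   # port the query left on; the reply must come back to it

@dataclass(frozen=True)
class Response:
    qname: str
    txid: int
    dst_port: int
    answers: tuple      # ((name, ip), ...) records answering the question
    additional: tuple   # ((name, ip), ...) extra records the server volunteered


def new_query(qname: str) -> Query:
    """Pick the transaction ID and source port with a CSPRNG.  A spoofer who
    cannot see the query has to hit both (about 2**32 combinations) before
    the real reply arrives, instead of just a predictable 16-bit ID."""
    txid = secrets.randbelow(1 << 16)
    src_port = 1024 + secrets.randbelow(65536 - 1024)
    return Query(qname, txid, src_port)


def in_bailiwick(name: str, zone: str) -> bool:
    """True when name is the zone itself or lies underneath it."""
    n = name.lower().rstrip(".")
    z = zone.lower().rstrip(".")
    return n == z or n.endswith("." + z)


def accept_response(q: Query, r: Response, zone: str, cache: dict):
    """Apply the checks before anything from r reaches the cache.

    zone is the zone the queried server is authoritative for (assumed to be
    known to the resolver).  Returns the list of records cached, or None
    when the reply does not match the outstanding query and is dropped."""
    if r.txid != q.txid or r.dst_port != q.src_port:
        return None                     # blind guess missed; drop it
    if r.qname.lower() != q.qname.lower():
        return None                     # answers a question we did not ask
    cached = []
    for name, ip in r.answers + r.additional:
        # Store only data about the requested domain's zone.  A volunteered
        # record for some other domain is exactly how a poisoned entry would
        # be smuggled into the cache, so it is discarded.
        if in_bailiwick(name, zone):
            cache[name.lower()] = ip
            cached.append((name, ip))
    return cached
```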
Another important defense against DNS cache poisoning, as MyEtherWallet advised in an announcement following the attack that occurred back in April 2018, is to look for the company’s name in the address bar (so in their case ‘MyEtherWallet Inc’).
This means the site is using an EV SSL/TLS certificate. This would help prevent people from falling victim to a poisoning attack, because they would make sure not to enter their personal details into a hacker’s website. Not all companies use EV on their websites, so this isn’t a foolproof measure, but it can be a helpful tool when trying to determine if you’re on the right site.
An SSL/TLS certificate is simply a small data file installed on a web server that can bind the details of your organization to a cryptographic key. After it has been installed, the certificate will activate HTTPS protocol to enable a secure and encrypted connection between a browser and your web server. In the case of EV SSL/TLS Certificates, some of those organization details, including the company name as mentioned above, will be presented directly in the browser UI.
How does a man-in-the-middle attack work?
How does this play out? Let’s say you received an email that appeared to be from your bank, asking you to log in to your account to confirm your contact information. You click on a link in the email and are taken to what appears to be your bank’s website, where you log in and perform the requested task.
In such a scenario, the man in the middle (MITM) sent you the email, making it appear to be legitimate. (This attack also involves phishing, getting you to click on the email appearing to come from your bank.) He also created a website that looks just like your bank’s website, so you wouldn’t hesitate to enter your login credentials after clicking the link in the email. But when you do that, you’re not logging into your bank account, you’re handing over your credentials to the attacker.
MITM attacks: Close to you or with malware
Man-in-the-middle attacks come in two forms, one that involves physical proximity to the intended target, and another that involves malicious software, or malware. This second form, like our fake bank example above, is also called a man-in-the-browser attack.
Cybercriminals typically execute a man-in-the-middle attack in two phases — interception and decryption.
With a traditional MITM attack, the cybercriminal needs to gain access to an unsecured or poorly secured Wi-Fi router. These types of connections are generally found in public areas with free Wi-Fi hotspots, and even in some people’s homes, if they haven’t protected their network. Attackers can scan the router looking for specific vulnerabilities such as a weak password.
Once attackers find a vulnerable router, they can deploy tools to intercept and read the victim’s transmitted data. The attacker can then also insert their tools between the victim’s computer and the websites the user visits to capture log in credentials, banking information, and other personal information.
A successful man-in-the-middle attack does not stop at interception. The victim’s encrypted data must then be decrypted, so that the attacker can read and act upon it.
What is a man-in-the-browser attack?
With a man-in-the-browser attack (MITB), an attacker needs a way to inject malicious software, or malware, into the victim’s computer or mobile device. One of the ways this can be achieved is by phishing.
Phishing is when a fraudster sends an email or text message to a user that appears to originate from trusted source, such as a bank, as in our original example. By clicking on a link or opening an attachment in the phishing message, the user can unwittingly load malware onto their device.
The malware then installs itself on the browser without the user’s knowledge. The malware records the data sent between the victim and specific targeted websites, such as financial institutions, and transmits it to the attacker.
7 types of man-in-the-middle attacks
Cybercriminals can use MITM attacks to gain control of devices in a variety of ways.
1. IP spoofing
Every device capable of connecting to the internet has an internet protocol (IP) address, which is similar to the street address for your home. By spoofing an IP address, an attacker can trick you into thinking you’re interacting with a website or someone you’re not, perhaps giving the attacker access to information you’d otherwise not share.
2. DNS spoofing
Domain Name Server, or DNS, spoofing is a technique that forces a user to a fake website rather than the real one the user intends to visit. If you are a victim of DNS spoofing, you may think you’re visiting a safe, trusted website when you’re actually interacting with a fraudster. The perpetrator’s goal is to divert traffic from the real site or capture user login credentials.
3. HTTPS spoofing
When doing business on the internet, seeing “HTTPS” in the URL, rather than “HTTP”, is a sign that the website is secure and can be trusted. In fact, the “S” stands for “secure.” An attacker can fool your browser into believing it’s visiting a trusted website when it’s not. By redirecting your browser to an unsecure website, the attacker can monitor your interactions with that website and possibly steal personal information you’re sharing.
4. SSL hijacking
When your device connects to an unsecure server — indicated by “HTTP” — the server can often automatically redirect you to the secure version of the server, indicated by “HTTPS.” A connection to a secure server means standard security protocols are in place, protecting the data you share with that server. SSL stands for Secure Sockets Layer, a protocol that establishes encrypted links between your browser and the web server.
In an SSL hijacking, the attacker uses another computer and secure server and intercepts all the information passing between the server and the user’s computer.
5. Email hijacking
Cybercriminals sometimes target email accounts of banks and other financial institutions. Once they gain access, they can monitor transactions between the institution and its customers. The attackers can then spoof the bank’s email address and send their own instructions to customers. This convinces the customer to follow the attackers’ instructions rather than the bank’s. As a result, an unwitting customer may end up putting money in the attackers’ hands.
6. Wi-Fi eavesdropping
Cybercriminals can set up Wi-Fi connections with very legitimate sounding names, similar to a nearby business. Once a user connects to the fraudster’s Wi-Fi, the attacker will be able to monitor the user’s online activity and be able to intercept login credentials, payment card information, and more. This is just one of several risks associated with using public Wi-Fi.
7. Stealing browser cookies
To understand the risk of stolen browser cookies, you need to understand what one is. A browser cookie is a small piece of information a website stores on your computer.
For example, an online retailer might store the personal information you enter and shopping cart items you’ve selected on a cookie so you don’t have to re-enter that information when you return.
A cybercriminal can hijack these browser cookies. Since cookies store information from your browsing session, attackers can gain access to your passwords, address, and other sensitive information.
How to help protect against a man-in-the-middle attack
With the amount of tools readily available to cybercriminals for carrying out man-in-the-middle attacks, it makes sense to take steps to help protect your devices, your data, and your connections. Here are just a few.
- Make sure “HTTPS” — with the S — is always in the URL bar of the websites you visit.
- Be wary of potential phishing emails from attackers asking you to update your password or any other login credentials. Instead of clicking on the link provided in the email, manually type the website address into your browser.
- Never connect to public Wi-Fi routers directly, if possible. A VPN encrypts your internet connection on public hotspots to protect the private data you send and receive while using public Wi-Fi, like passwords or credit card information.
- Since MITB attacks primarily use malware for execution, you should install a comprehensive internet security solution, such as Norton Security, on your computer. Always keep the security software up to date.
- Be sure that your home Wi-Fi network is secure. Update all of the default usernames and passwords on your home router and all connected devices to strong, unique passwords.
In our rapidly evolving connected world, it’s important to understand the types of threats that could compromise the online security of your personal information. Stay informed and make sure your devices are fortified with proper security.