Joseph Steinberg - Cybersecurity For Dummies

Commercial purveyors of zero day malware have been known to charge over $1 million for a single exploit.

Ironically, some attackers don’t even bother to actually hack computers. Instead, they just send messages to would-be victims that the would-be victims’ computers are infected and that to re-secure the device the intended victims must pay some fee or purchase some security software. Sometimes criminals are able to display messages to such an effect in a pop-up window, and sometimes they keep things simple, and just send the messages via email.

Fake malware may be even more common on mobile devices than on laptops and other computers. For various technical reasons, it is harder to hack mobile devices, so many criminals go for the “low hanging fruit” and just pretend to have compromised devices in order to get would-be victims to pay up. There are even flavors of “mobile device ransomware” that display ransomware-type demands without ever having encrypted anything on the mobile device.

A type of social-engineering attack that exploits people’s desire to remain cybersecure (and that I have included in the malware section because it is directly related to protection against malware), is fake “renewal notices” from anti-malware product vendors. Email that says one’s security software subscription is expiring and asks users to click a link (don’t do it!) or to otherwise submit payment for a renewal, can closely parallel their legitimate counterparts. This sort of attack has become extremely common during the COVID-19 pandemic era during which many people worked from home and, more often than ever before, were responsible for making sure they had current security software subscriptions.

Many different types of attacks leverage vulnerabilities in servers, and new weaknesses are constantly discovered, which is why cybersecurity professionals have full-time jobs keeping servers safe. Entire books — or even several series of books — can be written on such a topic, which is, obviously, beyond the scope of this work.

That said, it is important for you to understand the basic concepts of server-based attacks because some such attacks can directly impact you.

One such form of attack is a poisoned web service attack, or a poisoned web page attack . In this type of attack, an attacker hacks into a web server and inserts code onto it that causes it to attack users when they access a page or set of pages that the server is serving.

For example, a hacker may compromise the web server serving www.abc123.com and modify the home page that is served to users accessing the site so that the home page contains malware.

But a hacker does not even need to necessarily breach a system in order to poison web pages!

If a site that allows users to comment on posts isn't properly secured, for example, it may allow a user to add the text of various commands within a comment — commands that, if crafted properly, may be executed by users’ browsers any time they load the page that displays the comment. A criminal can insert a command to run a script on the criminal’s website, which can receive the authentication credentials of the user to the original site because it is called within the context of one of that site’s web pages. Such an attack is known as cross-site scripting, and it continues to be a problem even after over a decade of being addressed.

As with web servers, many different types of attacks leverage vulnerabilities in network infrastructure, and new weaknesses are constantly discovered. The vast majority of this topic is beyond the scope of this book. That said, as is the case with poisoned web servers, you need to understand the basic concepts of server-based attacks because some such attacks can directly impact you. For example, criminals may exploit various weaknesses in order to add corrupt domain name system (DNS) data into a DNS server.

DNS is the directory of the Internet that translates human readable addresses into their numeric, computer-usable equivalents (IP addresses). For example, if you enter https://JosephSteinberg.com into your web browser, DNS directs your connection to an address taking the form of four numbers less than 256 and separated by periods, such as 104.18.45.53.

By inserting incorrect information into DNS tables, a criminal can cause a DNS server to return an incorrect IP address to a user’s computer. Such an attack can easily result in a user’s traffic being diverted to a computer of the attacker’s choice instead of the user’s intended destination. If the criminal sets up a phony bank site on the server to which traffic is being diverted, for example, and impersonates on that server a bank that the user was trying to reach, even a user who enters the bank URL into a browser (as opposed to just clicking on a link) may fall prey after being diverted to the bogus site. (This type of attack is known as DNS poisoning or pharming .)

Network infrastructure attacks take many forms. Some seek to route people to the wrong destinations. Others seek to capture data, while others seek to effectuate denial-of-service conditions. The main point to understand is that the piping of the Internet is quite complex was not initially designed with security in mind, and is vulnerable to many forms of misuse.

Malvertising is an abbreviation of the words malicious advertising and refers to the use of online advertising as a vehicle to spread malware or to launch some other form of a cyberattack.

Because many websites display ads that are served and managed by third-party networks and that contain links to various other third parties, online advertisements are a great vehicle for attackers. Even companies that adequately secure their websites may not take proper precautions to ensure that they do not deliver problematic advertisements created by, and managed by, someone else.

As such, malvertising sometimes allows criminals to insert their content into reputable and high-profile websites with large numbers of visitors (something that would be difficult for crooks to achieve otherwise), many of whom may be security conscious and who would not have been exposed to the criminal’s content had it been posted on a less reputable site.

Furthermore, because websites often earn money for their owners based on the number of people who click on various ads, website owners generally place ads on their sites in a manner that will attract users to the ads. As such, malvertising allows criminals to reach large audiences via a trusted site without having to hack anything.

Some malvertising requires users to click on the ads in order to become infected with malware; others do not require any user participation — users’ devices are infected the moment the ad displays.

Drive-by downloads is somewhat of a euphemism that refers to software that users download without understanding what they are doing. A drive-by download may occur, for example, if users download malware by going to a poisoned website that automatically sends the malware to the users’ device when they open the site.

Drive-by downloads also include cases in which users know that they are downloading software, but is not aware of the full consequences of doing so. For example, if a user is presented with a web page that says that a security vulnerability is present on their computer and that tells the user to click on a button that says “Download to install a security patch,” the user has provided authorization for the (malicious) download — but only because the user was tricked into believing that the nature of the download was far different than it truly is.