The endgame of a hacker is to introduce malicious software onto a computer which can later be used for a wide variety of nefarious activities, such as stealing user credentials to access social and financial sites, encrypting data on the computer and demanding a ransom fee to decrypt it, or using the machine for antisocial activities like spam, pornography and hacking.
Antivirus software, even from well-known brands, is not effective against targeted or selective use of malware, as it is better suited to defending against mass viruses. Even if these products are able to update their signature database for a specific low-volume malware sample, the process takes four weeks, which is a long window of exposure.
The easiest way to introduce malicious software is to convince the user to download it by exploiting online trust networks. Social networks and email are two frequently used channels for such exploitation:
Social Networks

Social networks can be compromised by using network trust to motivate a user. For example, a link forwarded by a friend is normally considered trusted, and a user will click on it without much introspection as to the cyber risk. Introducing posts with malicious links into a social network friend's circle is commonly undertaken through an anonymous profile or by hacking into a legitimate account.
A second option is to use a malicious third-party application or to exploit a weakness in a third-party application. For example, third-party applications for Twitter help users to schedule tweets automatically. These applications are normally given permissions to read or write on behalf of the user on the social network. Hackers exploit weaknesses in these applications to introduce malicious posts or tweets.
Emails

Emails are used in a similar manner to social networks. Legitimate accounts are hacked into to send bulk email with malicious links. Users assume the email has come from a trusted source and click on the link to download the malware. According to a recent blog post by Google, they saw "a single attacker using stolen passwords to attempt to break into a million different Google accounts every single day, for weeks at a time". Google claims that this activity has been reduced significantly in Gmail due to the use of risk-based authentication and two-step verification.
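The two defences named above, risk-based authentication and a second factor, can be sketched as a small decision routine over login events. The following is an added example, not code from the article or from Google: it flags a source address that tries many distinct accounts in a short window (the stolen-password pattern quoted above), blocks such a source even when the password is right, and steps an unfamiliar device up to a second-factor challenge instead of silently allowing it. The event format, the thresholds and the sample events are all assumptions constructed for this example.

```python
"""Risk-based login decisions and credential-stuffing detection.

Added example, not from the original article. Event format, thresholds
and the sample data below are assumptions constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class LoginEvent:
    """One password-authentication attempt as an auth service might log it."""
    ts: int            # seconds since epoch (constructed)
    user: str
    src_ip: str
    device_id: str
    success: bool      # password was correct


# Constructed sample events: 203.0.113.9 sprays a different account every
# second (one attacker, many accounts); alice logs in from her usual device,
# then later from a device that has never been seen for her account.
SAMPLE_EVENTS = [
    LoginEvent(1000, "alice", "198.51.100.4", "dev-a1", True),
    *[LoginEvent(1100 + i, f"user{i}", "203.0.113.9", "dev-x", False) for i in range(25)],
    LoginEvent(1130, "bob", "203.0.113.9", "dev-x", True),
    LoginEvent(1200, "alice", "192.0.2.77", "dev-new", True),
]

# Assumed thresholds: one source address touching this many distinct
# accounts inside the window is treated as credential stuffing.
STUFFING_DISTINCT_USERS = 20
STUFFING_WINDOW_SECS = 300


def stuffing_sources(events, window=STUFFING_WINDOW_SECS, threshold=STUFFING_DISTINCT_USERS):
    """Return the set of source IPs that tried at least `threshold` distinct
    accounts within any `window`-second span (sliding window per source)."""
    by_ip = defaultdict(list)
    for e in sorted(events, key=lambda e: e.ts):
        by_ip[e.src_ip].append(e)
    flagged = set()
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            while evs[end].ts - evs[start].ts > window:
                start += 1
            if len({x.user for x in evs[start:end + 1]}) >= threshold:
                flagged.add(ip)
                break
    return flagged


def known_devices(events, user):
    """Devices the user has previously logged in from successfully (baseline)."""
    return {e.device_id for e in events if e.user == user and e.success}


def login_decision(attempt, history):
    """Risk-based decision for an attempt whose password was correct.

    Returns 'block', 'step_up' (require the second factor) or 'allow'.
    A source already behaving like a stuffing bot is blocked outright;
    an unfamiliar device is challenged for a second factor; a familiar
    device from a clean source is allowed.
    """
    if attempt.src_ip in stuffing_sources(history):
        return "block"
    if attempt.device_id not in known_devices(history, attempt.user):
        return "step_up"
    return "allow"


def replay(events):
    """Replay events in order and return the decision for each correct-password
    attempt, using only the events that preceded it as history."""
    ordered = sorted(events, key=lambda e: e.ts)
    return [(e.user, e.src_ip, login_decision(e, ordered[:i]))
            for i, e in enumerate(ordered) if e.success]


if __name__ == "__main__":
    for user, ip, decision in replay(SAMPLE_EVENTS):
        print(f"{user:6} from {ip:14} -> {decision}")
```

Replaying the constructed events shows the intended behaviour: bob's correct password from the spraying address is blocked, alice's login from the new device is challenged for a second factor rather than refused, and a later login from her known device is allowed. In a real deployment the baseline would also cover location and network, and the thresholds would be tuned against observed traffic.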