Tuesday, February 26, 2013

Installing malicious software by exploiting online trust

The endgame of a hacker is to introduce malicious software onto a computer which can later be used for a wide variety of nefarious activities such as stealing user credentials to access social and financial sites or encrypting data on the computer followed by a ransom fee to decrypt it or using it for antisocial activities like spam, pornography and hacking.
Antivirus software, even those from well known brands are not effective against targeted or selective use of malicious malware as there are more suited for defense against mass viruses. Even, if these products are able to update their signature database for specific low volume malware, the process takes four weeks which is a long window of exposure.

The easiest way to introduce malicious software is to convince the user to download it by exploiting online trust networks.  Social networks and Email are two frequently used channels for such exploitation:
Social Networks

Social network can be compromised by using network trust to motivate a user. For example, a link forwarded by a friend is normally considered trusted and a user will click on it without much introspection as to the cyber risk. Introducing posts with malicious links into a social network friend’s circle is commonly undertaken through an anonymous profile or by hacking into a legitimate account.
A second option is to use a malicious third party application or exploiting a weakness in third party applications. For example, third-party applications for twitter help user to schedule tweets automatically. These applications are normally given permissions to read or write on behalf of the user on a social network. Hackers exploit weakness in these applications to introduce malicious posts or tweets.

Emails are used in a similar manner as social networks. Legitimate accounts are hacked into to send bulk email with malicious links.  Users assume the email has come from a trusted source and click on the link to download the malware. According to a recent blog post by Google, they saw “a single attacker using stolen passwords to attempt to break into a million different Google accounts every single day, for weeks at a time”. Google claims that this activity has reduced significantly in Gmail due to the use of risk based authentication and two step verification.


No comments:

Post a Comment