
You clicked on what?!

Posted: January 27th, 2017

By: Jeremy Sonntag 1-27-17

What happens when you click on that link you shouldn't have? Well, almost anything could happen, but if you knew what was actually possible and even likely, then you might click a little more thoughtfully. Network security has advanced a lot over the years, so hackers are relying more on the human element. Humans are not updated as easily as computers are.

Basic anatomy of an exploit

Most commonly, bad actors will make use of known vulnerabilities in your software or operating system in order to run a specially crafted program. Typically, these are well-known, documented vulnerabilities that have already been fixed by the software vendor (Microsoft, Adobe, etc.). It takes some time for these bad guys to learn of an error in popular software and develop a web-capable bit of code that exploits that vulnerability. Their hope is that you have not installed the "fix" for your software because you don't have time or didn't even know you needed to. Let's call this a pinhole in your software. Once penetrated, this small program will go to work downloading and installing the "payload", the program that will do the heavy lifting. So the exploit of a vulnerability is the way in, and the payload is the program that gets installed on behalf of some malicious character.

Believe it or not, there are several highly developed software packages with great support and regular updates that, with a little training, make playing the hacker role fairly easy to accomplish.

But all of this has to be initiated somehow. It is VERY difficult, and increasingly rare, to encounter a direct attack without the help of a willing or unknowing participant on the inside. They need your help. End-user for hire.

What's Possible?

Once the attacker's payload has been downloaded and installed onto your system, the possibilities are limited only by the creativity of the developers. Some common applications include keystroke loggers, remote control software, data mining tools, zombie / botnet nodes and the newest popular variant, "ransomware".

Key Loggers

Key logging software at its most basic level logs your keystrokes, organizes them into a database and transmits the information back to the attacker. Often, this software does much more, such as tracking the website you visited when typing those keys (i.e. passwords), taking screenshots, etc. Essentially, it can grab every action you carry out on your computer, disclosing everything to the attacker's eyes.

Remote Control Software

It's not difficult for remote control software like VNC to get deployed to your computer in an attacker's payload. This software can give them live access to watch you use the computer, take control, or even take control via background services so that you're not aware it is happening. IT professionals use this exact technology for helpful / productive purposes, but it is plain to see how it might be used maliciously.

Data mining tools

Another specialty type of software can roam your computer looking for "interesting" information, such as credit card numbers, driver's licenses, social security numbers, phone numbers, addresses and more. You might think you don't have any of this info stored on your computer, but sometimes webpages will keep certain things cached in your history, "cookies", or temp files for your "convenience". These types of data can be valuable in the identity theft game. For example, with the right set of info on you, an attacker might set up a large loan in your name which you become responsible for.

Zombie Computer / Botnet Node

Your computer could be enlisted to serve in a zombie army or botnet, which may help a hacker carry out several types of distributed attacks. These attacks originate from your zombied computer and others like it, so there is no central point from which the attack originated, not to mention the huge power in great numbers. This is often the source of spam (decentralized spam is more difficult to block) as well as how DDoS attacks are executed. Distributed Denial of Service attacks are when a large botnet all sends internet traffic to the same place, completely overloading the capabilities of the network / server and effectively taking it offline.

I cover ransomware in this article, specifically discussing a variant called "Cryptolocker". The concept holds true throughout. Ransomware is becoming very popular now and devastating to companies that are not prepared, and even to those who are.

Social Engineering

Don't click on unknown links. Simple, right? It's not as easy as you would think. Bad actors have become incredibly clever, utilizing modern psychology with great success in their execution. The most common method is by way of email, or "phishing", where specially crafted emails are sent out that can be completely irresistible. "Pfff!" you say? Once you can think past the nasty motives of an attacker and take a look at the psychology used, the techniques are highly advanced and incredibly effective.

A couple of interesting terms / strategies are "spear phishing", where particular types of people are targeted, such as accountants or HR employees, and "whaling", where the CEO or other big players in the company are targeted. A simple tactic might target the accountant, claiming that some account is past due and will be canceled: "Click here to resolve", or something about changes in the health care laws, taxes and so on. "Well, how do they know who the accountant or CEO is?" you might say. This type of information is found all over the web, sometimes even on the company website, otherwise on various social media sites, LinkedIn, Facebook or other business-related or news-type sites. That type of information is going to find its way to the internet somehow.

Now, how can we justify even connecting our computers to the internet after absorbing this new information?

The first step, and this one should be easy: keep your software up to date!

The most common mistake I see is when people put all their trust in their antivirus software. Antivirus is merely a supplemental tool that ATTEMPTS to catch malicious software that has gotten past all other means of protection.

This may sound cliché and obvious, but it needs to be said. The best defense against these attacks is education and awareness. We have all become wise to the telemarketing scams because they have been around a long time, so it is rare that they are successful. Education and awareness have secured people from this scam. Not technology. We can use technology to try and close the gap, but the human is the weakest point, so that is where the attacker will focus his efforts. One could start by following popular tech / security pros on social media, or tech-related news sites. New malware and phishing types are regularly reported on. After some time of reading these articles and noticing examples of phishing attempts in your own email, you will begin to recognize them.

Know these things...

Email is inherently insecure. Don't trust it. There is no way to guarantee who has sent you an email. Well, there is, but it requires effort and expertise.

Most phishing emails have a pretty basic objective. They need to convince you to complete a task for them. Know this short list of tasks so you know what to watch for.

1. Click a link

Do not click on links in your email unless you are completely sure of the source.

2. Open an attachment

Do not open attachments unless you are completely sure of the source.

3. Provide information

Sometimes these emails are just looking for information like passwords or other confidential info. This sort of info should never be transmitted by you via email. Your provider might send you temporary passwords, but they will never ask for them in this way. Your boss or family member will never ask for a wire transfer via email.

If you are not sure about an email, ask someone. Call the person the email is coming from, or ask an expert.
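The three tells above (a link to click, an attachment to open, a request for information or money) can be checked mechanically before a person ever has to decide. The script below is an added example written for this article, not NetCertPro's tooling; it uses only the Python standard library, the sample message is constructed for illustration, and the list of "risky" attachment extensions and lure phrases is an assumption you would tune for your own company. It flags a Reply-To domain that differs from the From domain, links whose visible text names one site while the href goes to another, attachments with executable-style extensions, and the urgency and wire-transfer wording the article describes.

```python
"""Flag the phishing tells described in the article in a raw email message.

Added example (not the article's or NetCertPro's code). Standard library only.
"""
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: attachment types we treat as risky. Tune for your environment.
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat", ".zip", ".docm", ".xlsm", ".html"}

# Lure wording from the article: overdue/cancellation urgency, credential and wire requests.
LURE_PATTERNS = [
    r"past due", r"will be cancel+ed", r"click here to resolve",
    r"wire transfer", r"\bpassword\b", r"verify your account",
]


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _last_two_labels(host):
    """'mail.vendor-example.com' -> 'vendor-example.com' (crude, but enough to spot a swap)."""
    return ".".join((host or "").lower().split(".")[-2:])


def _addr_domain(header_value):
    return _last_two_labels(parseaddr(header_value or "")[1].rsplit("@", 1)[-1])


def _url_domain(url):
    return _last_two_labels(urlparse(url).hostname)


def phishing_findings(raw_message):
    """Return human-readable findings; an empty list means none of the tells fired."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []

    # 1. Replies silently routed to a domain other than the claimed sender's.
    from_dom, reply_dom = _addr_domain(msg.get("From")), _addr_domain(msg.get("Reply-To"))
    if msg.get("Reply-To") and reply_dom != from_dom:
        findings.append(f"reply-to domain {reply_dom} differs from from domain {from_dom}")

    # 2. Link text that shows one domain while the href points at another.
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    if body and body.get_content_type() == "text/html":
        collector = _LinkCollector()
        collector.feed(text)
        for href, shown in collector.links:
            shown_dom = _url_domain(shown if "://" in shown else "http://" + shown)
            if "." in shown_dom and shown_dom != _url_domain(href):
                findings.append(f"link text '{shown}' hides destination {urlparse(href).hostname}")

    # 3. Attachments of a type that can run code when opened.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if any(name.endswith(ext) for ext in RISKY_EXTENSIONS):
            findings.append(f"risky attachment {name}")

    # 4. Urgency / credential / wire-transfer wording (tags stripped first).
    plain = re.sub(r"<[^>]+>", " ", text).lower()
    findings += [f"lure phrase matched: {p}" for p in LURE_PATTERNS if re.search(p, plain)]
    return findings


# Constructed sample: an "overdue invoice" lure with a mismatched Reply-To,
# a disguised link and a zip attachment. All addresses are placeholders.
SAMPLE_EMAIL = """\
From: Accounts Payable <billing@vendor-example.com>
Reply-To: collections@evil-example.net
To: accountant@company-example.com
Subject: Invoice past due - service will be canceled
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/html; charset="utf-8"

<html><body><p>Your account is past due.
<a href="http://vendor-example.com.evil-example.net/pay">www.vendor-example.com</a>
to pay now or your service will be canceled.</p></body></html>
--BOUNDARY
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.zip"
Content-Transfer-Encoding: base64

UEsDBAo=
--BOUNDARY--
"""

if __name__ == "__main__":
    for finding in phishing_findings(SAMPLE_EMAIL):
        print("-", finding)
```

Run it against a saved `.eml` file by passing the file's text to `phishing_findings`. The checks are deliberately simple pattern matches, so treat a hit as a reason to pick up the phone and verify, not as proof, and treat an empty result as "nothing obvious", not as "safe".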

Be vigilant with emails. Build awareness within your company about the threat of email.