28h June 2020, Kathmandu
Web application security is one major component in web application development that often gets overlooked.
Let’s get a better insight into the cybersecurity sector from the executive member at npCert (Information Security Response Team Nepal) and Manager at Cryptogen Nepal, Mr. Ashok Gurung.
How can hackers use news and posts related to the Corona Virus to breach user security?
Coronavirus has become a global pandemic, so, everyone is keeping a close eye on the updates about its effect across the world. People want themselves to stay updated through news portals searching news headlines of all over the world.
Well, hackers, on the other hand, are always for trending and breaking news. This time, the trending news headings of Corona Virus have become one of the secure methods for them to lure users and get them into a phishing attack. Also, hackers can build their malicious website to show the latest updates on Coronavirus with beautiful cosmetics on which people fall and lead themselves to become the victim.
“For instance, several organizations have made dashboards to keep track of COVID -19, but the hackers can misuse those dashboards to inject malware into computers or mobile phones. Some of the cases indicate that hackers are using this map to steal information of users, including user name, password, credit card number, and other information stored in a browser”.
Suppose you use mobile phones for checking office emails along with other apps. This mobile phone becomes one of the leveraging points to steal your credentials. In this case, hackers can slightly change the link and route the user’s data, which we become unaware of. For example, the original link, i.e., https://cybersolution.com, can be modified somewhat as https://cybers0lution.com, and after clicking it, the hackers can do many dangerous tasks in your device.
Why has Coronavirus and information related to it become a wide-spread lure used by cybercriminals?
As we know that the Cybersecurity firm Proofpoint first noticed a strange email being sent to a customer in February. The message was purposed to be from a mysterious doctor claiming to have details about a vaccine being covered up by the Chinese or UK Governments. The Firm said that the people who click on the attached document are taken to a spoof webpage designed to harvest login details. It says up to 200,000 of the email are being sent at a time. Hackers need many years of study to hack or breach data. They need a massive investment of money, time, and dedication to cut information of a company or a user.
But this pandemic situation has become a honeypot for hackers because, with a small effort, people are easily trapped. In this situation, due to increased hacker activity, phishing attempts have gone up by three times, and the work from home infrastructure is also not much secured and mature. As the virus spreads across the globe, people are searching online for the latest information and updates on how it might affect them, and what they can do to protect themselves and their families. Cybercriminals are quick to take advantage of these concerns for their gain in this situation. It has been over 4,000 coronavirus-related domains registered globally since January. Out of these websites, 3% were found to be malicious, and an additional 5% are suspicious. Coronavirus- related fields are 50% more likely to be malicious than other areas registered in the same period.
What are the most common internet platforms that are vulnerable in this matter?
Most of the common internet platforms that are most vulnerable in this time might be social media sites, news portals, Online Portals, online payment gateway applications, websites, etc. Such web applications can be exploited for below vulnerabilities:
SQL Injections
SQL injection is a type of web application security vulnerability in which an attacker attempts to use application code to access or corrupt database content. If successful, this allows the attacker to create, read, update, alter, or delete data stored in the back-end database. SQL injection is one of the most prevalent types of web application security vulnerabilities.
Cross-Site Scripting (XSS)
Cross-site scripting (XSS) targets an application’s users by injecting code, usually a client-side script such as JavaScript, into a web application’s output. The concept of XSS is to manipulate client-side scripts of a web application to execute in the manner desired by the attacker. XSS allows attackers to execute scripts in the victim’s browser, which can hijack user sessions, deface websites, or redirect the user to malicious sites.
Broken Authentication & Session Management
Broken authentication and session management encompasses several security issues, all of them having to do with maintaining the identity of a user. If authentication credentials and session identifiers are not protected at all times, an attacker can hijack an active session and assume the identity of a user.
Insecure Direct Object References
The insecure direct object reference is when a web application exposes a reference to an internal implementation object. Domestic implementation objects include files, database records, directories, and database keys. When a claim presents a reference to one of these objects in a URL, hackers can manipulate it to gain access to a user’s data.
Security Misconfiguration
Security misconfiguration encompasses several types of vulnerabilities, all centered on a lack of maintenance or a lack of attention to the web application configuration. A secure configuration must be defined and deployed for the application, frameworks, application server, web server, database server, and platform. Security misconfiguration gives hackers access to private data or features and can result in a complete system compromise.
Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) is a malicious attack where a user is tricked into performing an action he or she didn’t intend to do. A third-party website will send a request to a web application that a user is already authenticated against (e.g., their bank). The attacker can then access functionality via the victim’s already confirmed browser. Targets include web applications like social media, in-browser email clients, online banking, and web interfaces for network devices.
What are the hazards of opening malicious links or sites related to Coronavirus, how can it affect the users?
The hazards of opening any malicious sites or links specially built to delude with coronavirus information can be anything. The links can simply redirect you to other malicious sites or URL’s which might not be harmful but annoying. However, if the website itself is dangerous, then it can be built in such a way that some malware, adware, trojan, or any other infectious applications will be downloaded and installed automatically in the user’s end-device.
They can do many of the harmful things like acting as a bot and communicate with command and control (CNC) servers which can take control of the user’s device, install keyloggers which can record all the keys being typed in the keyboard which only hackers can see, mine cryptocurrency, imitate legitimate site, steal sensitive information, encrypt the files in the system, paralyze the whole system not to let it operate normally and many more.
What kind of precautions can users take to save themselves from falling victims to such hazards during this pandemic time?
Well, during this Coronavirus pandemic time, all we are doing is to look for the latest news and updates about it around the world via online news portals and different websites. Often, we browse new sites that are beautifully designed, the exciting headlines, and any URLs sent by people over email or social media instant messages. And, we become the prey of the malicious acts of the hackers.
So, during this time, we should only follow the legitimate and authentic news portals and websites for the updates, check the complete URL carefully before opening, shouldn’t go to any link/site mentioned in email or messages even if known people send it, shouldn’t download applications from unknown websites, keep the security options like firewall enabled in the device and also have a good endpoint protection software (anti-virus) installed, updated and working against viruses and malware every time.
On top of every measure to prevent yourself from being victims, you must have the awareness about the cybersecurity things. If you are aware then, even if any malware or virus enters into your device, you can quickly respond to it appropriately before it does any harm or exfiltrate your data. So, being aware and having knowledge about it is the primary thing one should have.