UNIT III: Common Hacking Techniques
Off-Line Credential-Stealing Attacks: Phishing, Vishing, Malware and Pharming.
On-Line Credential-Stealing Attacks: Spyware, Logging Worms, Trojans, In-Session Phishing Attacks.
What is a Credential-Based Attack?
• Credential-based attacks occur when attackers steal credentials to
gain access, bypass an organization's security measures, and steal
critical data.
• Credential theft, the first stage of a credential-based attack, is the
process of stealing credentials. Attackers commonly use phishing for
credential theft, as it is a fairly cheap and extremely efficient tactic.
The effectiveness of credential phishing relies on human interaction
in an attempt to deceive employees, unlike malware and exploits,
which rely on weaknesses in security defenses.
• Corporate credential theft is usually a targeted effort. Attackers scour
social media sites such as LinkedIn, searching for specific users
whose credentials will grant access to critical data and information.
The phishing emails and websites utilized in corporate credential
theft are much more sophisticated than those used for consumer
credential theft. Attackers put a great deal of effort into making these
emails and websites look nearly identical to legitimate corporate
applications and communications.
Phishing
• Due to the lack of adoption of multi-factor authentication and poor
password practices, the number of credential thefts by way of
phishing has grown exponentially. Phishing attacks are often carried out
when a cybercriminal poses as part of the users’ social or professional
networks – either as an individual or entity, such as a bank – and directs
targets to enter personal information at a fraudulent website that matches
the looks of the legitimate site. Additionally, attackers oftentimes use
phishing attacks to plant malware on systems and gain full unauthorized
access to sensitive data.
Types of phishing include spear phishing,
whaling and clone phishing.
• Spear phishing involves the targeting of specific organizations or individuals to steal
sensitive information such as account credentials. In this type of attack, hackers
disguise themselves as trustworthy identities and typically access sensitive information
via email-spoofing or by infiltrating other online messaging systems.
• Whaling is a type of spear phishing attack aimed at C-suite executives within an
organization; the messages often impersonate customer complaints or personal issues.
• Clone phishing is carried out by stealing a previously delivered email containing an
attachment and/or link and then using it to create a similar or “cloned” email with the
intent of gaining access to privileged credentials. Within these, the attachments/links
are replaced with malicious versions and the email address is slightly altered to deceive
the recipient.
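A defender can check for the clone-phishing pattern described above by comparing an incoming message with mail that was already delivered: nearly the same body, but a changed sender address or links to hosts the original never used. The following Python sketch is an added example, not part of the original slides; the messages, addresses and the 0.9 similarity threshold are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def _parse(raw):
    """Return (sender address, body words with URLs masked, set of link hosts)."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    chunks = []
    for part in msg.walk():  # covers single-part and multipart mail
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            chunks.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    body = "\n".join(chunks)
    hosts = {urlsplit(u).hostname for u in URL_RE.findall(body)} - {None}
    # Mask URLs so a swapped link does not lower the body similarity score.
    words = URL_RE.sub("<url>", body).lower().split()
    return sender, words, hosts


def compare_to_original(original_raw, incoming_raw, body_threshold=0.9):
    """Flag an incoming mail that copies an earlier one but alters sender or links."""
    o_sender, o_words, o_hosts = _parse(original_raw)
    i_sender, i_words, i_hosts = _parse(incoming_raw)
    similarity = SequenceMatcher(None, o_words, i_words, autojunk=False).ratio()
    same_body = similarity >= body_threshold
    sender_changed = same_body and i_sender != o_sender
    new_hosts = sorted(i_hosts - o_hosts) if same_body else []
    return {
        "similarity": round(similarity, 2),
        "sender_changed": sender_changed,
        "new_link_hosts": new_hosts,
        "suspect": bool(sender_changed or new_hosts),
    }


# Constructed sample messages (reserved .test / example.org names only).
ORIGINAL = """\
From: Billing <billing@example.test>
To: alice@example.org
Subject: Invoice 1042 for March

Hello Alice,

Your March invoice is ready. View it here:
https://portal.example.test/invoices/1042

Thanks,
Billing team
"""

# Same text, but the sender domain and the link host use "rn" in place of "m".
CLONE = """\
From: Billing <billing@exarnple.test>
To: alice@example.org
Subject: Invoice 1042 for March (corrected)

Hello Alice,

Your corrected March invoice is ready. View it here:
https://portal.exarnple.test/invoices/1042

Thanks,
Billing team
"""

# A genuine reminder: same sender, same link, so nothing is flagged.
RESEND = ORIGINAL.replace("Subject: Invoice", "Subject: Reminder: Invoice")

UNRELATED = """\
From: Bob <bob@example.org>
To: alice@example.org
Subject: Lunch

Are we still on for lunch on Friday? https://cafe.example.test/menu
"""

if __name__ == "__main__":
    for name, raw in (("clone", CLONE), ("resend", RESEND), ("unrelated", UNRELATED)):
        print(name, compare_to_original(ORIGINAL, raw))
```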
Vishing
• Vishing, a combination of ‘voice’ and ‘phishing,’ is a phone scam designed to get you to share
personal information. In 2018, phishing crimes cost victims $48 million, according to the FBI’s
Internet Crime Complaint Center.
• During a vishing phone call, a scammer uses social engineering to get you to share personal
information and financial details, such as account numbers and passwords. The scammer might
say your account has been compromised, claim to represent your bank or law enforcement, or
offer to help you install software. Warning: It's probably malware.
• Vishing is just one form of phishing, which is any type of message — such as an email, text,
phone call or direct-chat message — that appears to be from a trusted source, but isn’t. The goal
is to steal someone's identity or money.
• It’s getting easier to contact more people, too. Scammers can place hundreds of calls at a time
using voice over internet protocol (VoIP) technology and can spoof the caller ID to make the call
appear to come from a trusted source, such as your bank.
Common vishing scams
• “Compromised” bank or credit card account
Whether it’s a person or a prerecorded message on the other end, you’ll be told there’s
an issue with your account or a payment you made. You may be asked for your login
credentials to fix the problem or asked to make a new payment. Instead of giving out your
info, hang up and call your financial institution on their publicly available number.
• Unsolicited loan or investment offers
Scammers will call with offers that are too good to be true. They'll say, for example, that
you can earn millions of dollars on one small investment, pay off all your debt with one
quick fix, or get all your student loans forgiven in one fell swoop. Typically, you must “act
now” and will need to pay a small fee. Don't fall for it. Legitimate lenders and investors
won't make these types of offers and won't initiate contact out of the blue.
• Medicare or Social Security scam
Phone calls are the No. 1 method scammers use to reach older adults, according to the
Federal Trade Commission. Crooks pose as Medicare reps — often during Medicare
open enrollment season — and try to glean financial information from the victim, such as
their Medicare number or bank account details. Then the scammer will either fraudulently
use the victim's Medicare benefits or steal their money.
• IRS tax scam
There are many variations of this type of scam, but typically, you'll receive a prerecorded
message. It tells you something's wrong with your tax return and if you don't call back, a
warrant will be issued for your arrest. Scammers usually pair this with a spoofed caller ID
made to look like the call is coming from the IRS.
How to spot a vishing scam
Here are some of the tell-tale signs of a vishing scam:
• The caller claims to represent the IRS, Medicare, or the Social Security Administration. Unless you've
requested contact, none of these federal agencies will ever initiate contact with you by email, text
messages, or social media channels to request personal or financial information. In fact, be skeptical of
anyone who calls you with an offer.
• There's a frantic sense of urgency. Scammers will try to tap into your sense of fear, using threats of arrest
warrants and problems with your account. If you get one of these phone calls, remain calm and never give
out your own information. Hang up and do your own investigation.
• The caller asks for your information. They may ask you to confirm your name, address, birth date, Social
Security number, bank account info, and other identifying details. To trick you into thinking they're legit, they
may even have some of this info on hand. The goal is to get the remaining info that they don't have yet.
Malware
• Malicious software, more commonly known as malware, is a threat to your devices and your
cybersecurity. It’s software that cyber attackers develop to gain access or cause damage to a
computer or network, usually without the victim’s knowledge.
What is a malware attack?
• A malware attack is when cybercriminals create malicious software that’s installed on someone
else’s device without their knowledge to gain access to personal information or to damage the
device, usually for financial gain. Different types of malware include viruses, spyware,
ransomware, and Trojan horses.
• Malware attacks can occur on all sorts of devices and operating systems, including Microsoft
Windows, macOS, Android, and iOS.
• At least one type of malware attack is growing. Mobile ransomware attacks increased by a third
in 2018 from the previous year. Most of those attacks occurred in the United States.
Types of malware attacks
• Exploit kit
• Exploit kits are malicious toolkits that attackers use to search for software vulnerabilities on a
target’s computer or mobile device. The kits come with prewritten code that will search for
vulnerabilities. When a vulnerability is found, the kit can inject malware into the computer
through that security hole. This is a highly effective malware attack variety, and one of the
reasons why it is so important to run software updates as soon as they become available in
order to patch security flaws.
• Malicious websites and drive-by-downloads
• A drive-by-download is a download that occurs when a user visits a malicious website that is
hosting an exploit kit for malware attacks. There is no interaction needed on the user’s part other
than visiting the infected webpage. The exploit kit will look for a vulnerability in the software of
the browser, and inject malware via the security hole.
• Malvertising
• Malicious advertising — malvertising, for short — is a threat that’s popular among
cybercriminals. The cybercriminal will purchase legitimate advertising space on legitimate
websites, but malicious code will be embedded within the ad. Similar to a drive-by-download,
there is no interaction needed on the user’s part to download the malware and be impacted by
this kind of malware attack.
• Man-in-the-middle (MitM) attack
• A man-in-the-middle attack employs the use of an unsecured, or poorly secured, usually public
Wi-Fi router. The hacker will then scan the router using special code looking for certain
weaknesses such as default or poor password use.
• Once the attacker has found the vulnerability, they will then insert themselves in between the
user’s computer and the websites that user visits and intercept the messages or information
being transmitted between the two, such as passwords or payment card data.
• Man-in-the-browser (MitB) attack
• This is similar to a man-in-the-middle attack. All an attacker needs to do is
inject malware into the computer, which will then install itself into the browser
without the user’s knowledge. The malware will then record the data that is
being sent between the victim and specifically targeted websites.
• Social engineering and malware attacks
• Social engineering is a popular malware delivery method that involves the
manipulation of human emotions. Social engineering uses spam phishing via
email, instant messages, social media, and more. The goal is to trick the user
into downloading malware or clicking a link to a compromised website that hosts
the malware.
What should I do about malware attacks?
Keep your software updated
• Software updates are important because they repair security holes that have been discovered, and fix or
remove computer bugs. It’s smart to run software updates as soon as they become available.
Back up your files regularly
• Regularly copy your data to an external hard drive or a reputable cloud storage provider in case it’s ever
compromised in a malware attack. Back up the data on all of your devices, including your tablets,
computers, and smartphones.
Scan executable files before running them
• “Executable” files, which end in “.exe”, contain step-by-step instructions for a computer to carry out a
function. Double-clicking the .exe file will trigger your computer to execute these instructions using a
software program.
• There are plenty of software options that contain antivirus software, but it’s a good idea to choose one that
scans in real-time rather than manually.
Pharming
• Pharming is a form of online fraud involving malicious code and fraudulent websites. Cybercriminals install
malicious code on your computer or server. The code automatically directs you to bogus websites without
your knowledge or consent.
• The goal is to get you to provide personal information, like payment card data or passwords, on the false
websites. Cybercriminals could then use your personal information to commit financial fraud and identity
theft.
• Pharming combines the words “phishing” and “farming.” This cybercrime is also known as “phishing without
a lure.”
• Phishing is an online fraud scheme where a cybercriminal hopes you’ll click on a compromised email link
which takes you to a fake site where you then enter your access credentials — such as your username and
password. If you do, the fraudster can then access the real site and steal your personal information there.
• Pharming, on the other hand, is a two-step process. One,
cybercriminals install malicious code on your computer or server.
Two, the code sends you to a bogus website, where you may be
tricked into providing personal information. Computer pharming
doesn’t require that initial click to take you to a fraudulent website.
Instead, you’re redirected there automatically. The fraudster has
immediate access to any personal information you enter on the site.
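The slides do not name the mechanism behind the automatic redirect; one well-known local mechanism is an entry in the computer's hosts file that maps a site's name to a different address. The following Python sketch is an added example, not part of the original slides: it audits hosts-file text for such overrides, and the watched domains and sample file contents are constructed assumptions.

```python
import ipaddress

# Hypothetical watch list: domains whose addresses should never be set locally.
WATCHED = ("bank.example", "mail.example")

# Constructed sample hosts file (documentation-range addresses only).
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost ip6-localhost
0.0.0.0         ads.tracker.test        # sinkhole entry used for ad blocking
203.0.113.45    www.bank.example login.bank.example
192.168.1.10    nas.home.arpa
2001:db8::5     mail.example            # IPv6 override
not-an-ip       broken.example
"""


def parse_hosts(text):
    """Yield (line_no, ip_or_None, names) for every non-empty, non-comment line."""
    for line_no, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()  # drop inline comments
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            yield line_no, None, fields  # malformed: first field is not an address
            continue
        yield line_no, ip, [name.lower().rstrip(".") for name in fields[1:]]


def is_watched(host, watched):
    """True for a watched domain itself or any subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in watched)


def audit_hosts(text, watched=WATCHED):
    """Return (findings, malformed_line_numbers).

    A finding is (line_no, hostname, ip) for a watched name pinned to an address.
    Loopback and 0.0.0.0 entries are skipped here because they are the usual
    form of blocking entries rather than redirects to another site.
    """
    findings, malformed = [], []
    for line_no, ip, names in parse_hosts(text):
        if ip is None:
            malformed.append(line_no)
            continue
        if ip.is_loopback or ip.is_unspecified:
            continue
        for host in names:
            if is_watched(host, watched):
                findings.append((line_no, host, str(ip)))
    return findings, malformed


if __name__ == "__main__":
    found, bad = audit_hosts(SAMPLE_HOSTS)
    for line_no, host, ip in found:
        print(f"line {line_no}: {host} is pinned to {ip}")
    print("malformed lines:", bad)
```

To audit a real machine, pass the text of its hosts file (for example `/etc/hosts` on Linux and macOS) to `audit_hosts` with a watch list of the sites you log in to.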
How to protect yourself against pharming
• Ensure you are using secure web connections (look for https in the web address)
• Be cautious when opening links or attachments that you weren’t expecting or that are from an unfamiliar sender
• Avoid suspicious websites
• Enable two-factor authentication on sites that offer it
• Use a reputable internet service provider, whenever possible
• Use a VPN service that has reputable DNS servers
• Change the default password on your consumer-grade routers and wireless access points
Here are two signals of pharming.
• An unsecure connection. If your site address says “http” instead of “https” in the address line, the website may be corrupted.
• A website that doesn’t seem right. If the site you’re on has spelling errors, unfamiliar font or colors, or otherwise just doesn’t
seem legitimate, it may not be.
Online Credential Theft Attacks:
SPYWARE
• Spyware is unwanted software that infiltrates your computing device, stealing your internet
usage data and sensitive information. Spyware is classified as a type of malware — malicious
software designed to gain access to or damage your computer, often without your knowledge.
Spyware gathers your personal information and relays it to advertisers, data firms, or external
users.
• Spyware is used for many purposes. Usually it aims to track and sell your internet usage data,
capture your credit card or bank account information, or steal your personal identity. How?
Spyware monitors your internet activity, tracking your login and password information, and
spying on your sensitive information.
• Some types of spyware can install additional software and change the settings on your device,
so it’s important to use secure passwords and keep your devices updated.
There are four main types of spyware. Each uses unique tactics to track you.
• Adware. This type of spyware tracks your browser history and downloads, with the intent of predicting what
products or services you’re interested in. The adware will display advertisements for the same or related
products or services to entice you to click or make a purchase. Adware is used for marketing purposes and
can slow down your computer.
• Trojan. This kind of malicious software disguises itself as legitimate software. For example, Trojans may
appear to be a Java or Flash Player update upon download. Trojan malware is controlled by third parties. It
can be used to access sensitive information such as Social Security numbers and credit card information.
• Tracking cookies. These track the user’s web activities, such as searches, history, and downloads, for
marketing purposes.
• System monitors. This type of spyware can capture just about everything you do on your computer.
System monitors can record all keystrokes, emails, chat-room dialogs, websites visited, and programs run.
System monitors are often disguised as freeware.
How do I get spyware?
• Your device is slow or crashes unexpectedly.
• Your device is running out of hard drive space.
• You get pop-ups when you are online or offline.
How to help prevent spyware?
Here are four main steps to help prevent spyware.
• Don’t open emails from unknown senders.
• Don’t download files from untrustworthy sources.
• Don’t click on pop-up advertisements.
• Use reputable antivirus software.
Worms
A worm is a malicious computer program that replicates itself usually over a computer
network. An attacker may use a worm to accomplish the following tasks:
• Install backdoors on the victim’s computers. The created backdoor may be used to
create zombie computers that are used to send spam emails, perform distributed denial
of service attacks, etc. The backdoors can also be exploited by other malware.
• Worms may also slow down the network by consuming the bandwidth as they replicate.
• Install harmful payload code carried within the worm.
Protecting yourself from Computer Worms
• Keep the computers’ operating system and software up-to-date with vendor-issued
security releases. These updates often contain security patches designed to protect
computers from newly discovered worms.
• Avoid opening emails that you don’t recognize or expect, as many computer worms
spread via email.
• Refrain from opening attachments and clicking on links from untrusted/unfamiliar
sources.
• Run a firewall and antivirus software to be further protected from computer worms.
Software firewalls will keep the computer protected from unauthorized access. Choose
an antivirus program that includes download scanning functionality (to detect malicious
content in email and web downloads) as well as malware removal tools.
Symptoms of a Computer Worm
• Slow computer performance
• Freezing/crashing
• Programs opening and running automatically
• Irregular web browser performance
• Unusual computer behavior (messages, images, sounds, etc.)
• Firewall warnings
• Missing/modified files
• Appearance of strange/unintended desktop files or icons
• Operating system errors and system error messages
• Emails sent to contacts without the user’s knowledge
Computer Worm Removal
• Check that all antivirus signatures are up-to-date.
• Scan the computer with antivirus software.
• If the scan detects a computer worm or other malware, use the software
to remove malware and clean or delete infected files. A scan that detects
no malware is usually indicative that symptoms are being caused by
hardware or software problems.
• Check that the computer’s operating system is up-to-date and all software
and applications have current patches installed.
• If a worm is difficult to remove, check online for specific computer worm
removal utilities.
Trojan
• A Trojan horse, or Trojan, is a type of malicious code or software that
looks legitimate but can take control of your computer. A Trojan is
designed to damage, disrupt, steal, or in general inflict some other
harmful action on your data or network.
How do Trojans work?
• You might think you’ve received an email from someone you know and click on
what looks like a legitimate attachment. But you’ve been fooled. The email is
from a cybercriminal, and the file you clicked on — and downloaded and opened
— has gone on to install malware on your device.
• When you execute the program, the malware can spread to other files and
damage your computer.
• How? It varies. Trojans are designed to do different things. But you’ll probably
wish they weren’t doing any of them on your device.
Common types of Trojans
Backdoor Trojan
• This Trojan can create a “backdoor” on your computer. It lets an attacker access your computer and control
it. Your data can be downloaded by a third party and stolen. Or more malware can be uploaded to your
device.
Downloader Trojan
• This Trojan targets your already-infected computer. It downloads and installs new versions of malicious
programs. These can include Trojans and adware.
SMS Trojan
• This type of Trojan infects your mobile device and can send and intercept text messages. Texts to
premium-rate numbers can drive up your phone costs.
Distributed Denial of Service (DDoS) attack Trojan
• This Trojan performs DDoS attacks. The idea is to take down a network by flooding it with traffic. That traffic
comes from your infected computer and others.
How to help protect against Trojans
• Computer security begins with installing and running an internet security suite. Run periodic diagnostic
scans with your software. You can set it up so the program runs scans automatically during regular
intervals.
• Update your operating system’s software as soon as updates are made available from the software
company. Cybercriminals tend to exploit security holes in outdated software programs. In addition to
operating system updates, you should also check for updates on other software that you use on your
computer.
• Protect your accounts with complex, unique passwords. Create a unique password for each account using
a complex combination of letters, numbers, and symbols.
• Keep your personal information safe with firewalls.
• Back up your files regularly. If a Trojan infects your computer, this will help you to restore your data.
• Be careful with email attachments. To help stay safe, scan an email attachment first.
In-session phishing
• With this technique, a fake pop-up is generated as users browse on
legitimate websites. The pop-up typically requests account
credentials or other personal information. Users, thinking that the
pop-up is tied to the website they are browsing, enter their
information which is then retrieved by the cybercriminals.
• The best defense against this phishing technique is to always ensure
that your browsers have pop-up blockers enabled.

Unit iii: Common Hacking Techniques

  • 1.
    UNIT III: CommonHacking Techniques Off-Line Credential-Stealing Attacks: Phishing, Vishing, Malware and Pharming. On-Line Credential-Stealing Attack: Spyware, Logging Worms, Trojans, In Session Phishing Attacks.
  • 2.
    What is aCredential-Based Attack? • Credential based attacks occur when attackers steal credentials to gain access, bypass an organizations security measures, and steal critical data. • Credential theft, the first stage of a credential-based attack, is the process of stealing credentials. Attackers commonly use phishing for credential theft, as it is a fairly cheap and extremely efficient tactic. The effectiveness of credential phishing relies on human interaction in an attempt to deceive employees, unlike malware and exploits, which rely on weaknesses in security defenses.
  • 3.
    What is aCredential-Based Attack? • Corporate credential theft is usually a targeted effort. Attackers scour social media sites such as LinkedIn, searching for specific users whose credentials will grant access to critical data and information. The phishing emails and websites utilized in corporate credential theft are much more sophisticated than those used for consumer credential theft. Attackers put a great deal of effort into making these emails and websites look nearly identical to legitimate corporate applications and communications.
  • 4.
    Phishing • Due tothe lack of adoption of multi-factor authentication and poor password best practices, the number of credential thefts by way of phishing has grown exponentially. Phishing attacks are often carried out when a cybercriminal poses as part of the users’ social or professional networks – either as an individual or entity, such as a bank – and directs targets to enter personal information at a fraudulent website that matches the looks of the legitimate site. Additionally, attackers oftentimes use phishing attacks to plant malware on systems and gain full unauthorized access to sensitive data.
  • 5.
    Types of phishinginclude spear phishing, whaling and clone phishing. • Spear phishing involves the targeting of specific organizations or individuals to steal sensitive information such as account credentials. In this type of attack, hackers disguise themselves as trustworthy identities and typically access sensitive information via email-spoofing or by infiltrating other online messaging systems. • Whaling is a type of spear phishing attack aimed at C-suite executives within an organization and often impersonate customer complaints or personal issues. • Clone phishing is carried out by stealing a previously delivered email containing an attachment and/or link and then using it to create a similar or “cloned” email with the intent of gaining access to privileged credentials. Within these, the attachments/links are replaced with malicious versions and the email address is slightly altered to deceive the recipient.
  • 6.
    Vishing • Vishing, acombination of ‘voice’ and ‘phishing,’ is a phone scam designed to get you to share personal information. In 2018, phishing crimes cost victims $48 million, according to the FBI’s Internet Crime Complaint Center. • During a vishing phone call, a scammer uses social engineering to get you to share personal information and financial details, such as account numbers and passwords. The scammer might say your account has been compromised, claim to represent your bank or law enforcement, or offer to help you install software. Warning: It's probably malware. • Vishing is just one form of phishing, which is any type of message — such as an email, text, phone call or direct-chat message — that appears to be from a trusted source, but isn’t. The goal is to steal someone's identity or money. • It’s getting easier to contact more people, too. Scammers can place hundreds of calls at a time using voice over internet protocol (VoIP) technology and can spoof the caller ID to make the call appear to come from a trusted source, such as your bank.
  • 7.
    Common vishing scams •“Compromised” bank or credit card account Whether it’s a person or a prerecorded message on the other end, you’ll be told there’s an issue with your account or a payment you made. You may be asked for your login credentials to fix the problem or asked to make a new payment. Instead of giving out your info, hang up and call your financial institution on their publicly available number. • Unsolicited loan or investment offers Scammers will call with offers that are too good to be true. They'll say, for example, that you can earn millions of dollars on one small investment, pay off all your debt with one quick fix, or get all your student loans forgiven in one fell swoop. Typically, you must “act now” and will need to pay a small fee. Don't fall for it. Legitimate lenders and investors won't make these types of offers and won't initiate contact out of the blue.
  • 8.
    Common vishing scams •Medicare or Social Security scam Phone calls are the No. 1 method scammers use to reach older adults, according to the Federal Trade Commission. Crooks pose as Medicare reps — often during Medicare open enrollment season — and try to glean financial information from the victim, such as their Medicare number or bank account details. Then the scammer will either fraudulently use the victim's Medicare benefits or steal their money. • IRS tax scam There are many variations of this type of scam, but typically, you'll receive a prerecorded message. It tells you something's wrong with your tax return and if you don't call back, a warrant will be issued for your arrest. Scammers usually pair this with a spoofed caller ID made to look like the call is coming from the IRS.
  • 9.
    How to spota vishing scam Here are some of the tell-tale signs of a vishing scam: • The caller claims to represent the IRS, Medicare, or the Social Security Administration. Unless you've requested contact, none of these federal agencies will ever initiate contact with you by email, text messages, or social media channels to request personal or financial information. In fact, be skeptical of anyone who calls you with an offer. • There's a frantic sense of urgency. Scammers will try to tap into your sense of fear, using threats of arrest warrants and problems with your account. If you get one of these phone calls, remain calm and never give out your own information. Hang up and do your own investigation. • The caller asks for your information. They may ask you to confirm your name, address, birth date, Social Security number, bank account info, and other identifying details. To trick you into thinking they're legit, they may even have some of this info on hand. The goal is to get the remaining info that they don't have yet.
  • 10.
    Malware • Malicious software,more commonly known as malware, is a threat to your devices and your cybersecurity. It’s software that cyber attackers develop to gain access or cause damage to a computer or network, usually without the victim’s knowledge. What is a malware attack? • A malware attack is when cybercriminals create malicious software that’s installed on someone else’s device without their knowledge to gain access to personal information or to damage the device, usually for financial gain. Different types of malware include viruses, spyware, ransomware, and Trojan horses. • Malware attacks can occur on all sorts of devices and operating systems, including Microsoft Windows, macOS, Android, and iOS. • At least one type of malware attack is growing. Mobile ransomware attacks increased by a third in 2018 from the previous year. Most of those attacks occurred in the United States.
  • 11.
    Types of malwareattacks • Exploit kit • Exploit kits are malicious toolkits that attackers use to search for software vulnerabilities on a target’s computer or mobile device. The kits come with prewritten code that will search for vulnerabilities. When a vulnerability is found, the kit can inject malware into the computer through that security hole. This is a highly effective malware attack variety, and one of the reasons why it is so important to run software updates as soon as they become available in order to patch security flaws. • Malicious websites and drive-by-downloads • A drive-by-download is a download that occurs when a user visits a malicious website that is hosting an exploit kit for malware attacks. There is no interaction needed on the user’s part other than visiting the infected webpage. The exploit kit will look for a vulnerability in the software of the browser, and inject malware via the security hole.
  • 12.
    Types of malwareattacks • Malvertising • Malicious advertising — malvertising, for short — is a threat that’s popular among cybercriminals. The cybercriminal will purchase legitimate advertising space on legitimate websites, but malicious code will be embedded within the ad. Similar to a drive-by-download, there is no interaction needed on the user’s part to download the malware and be impacted by this kind of malware attack. • Man-in-the-middle (MitM) attack • A man-in-the-middle attack employs the use of an unsecured, or poorly secured, usually public Wi-Fi router. The hacker will then scan the router using special code looking for certain weaknesses such as default or poor password use. • Once the attacker has found the vulnerability, they will then insert themselves in between the user’s computer and the websites that user visits and intercept the messages or information being transmitted between the two, such as passwords or payment card data.
  • 13.
    Types of malwareattacks • Man-in-the-browser (MitB) attack • This is similar to a man-in-the-middle attack attack. All an attacker needs to do is inject malware into the computer, which will then install itself into the browser without the user’s knowledge. The malware will then record the data that is being sent between the victim and specifically targeted websites. • Social engineering and malware attacks • Social engineering is a popular malware delivery method that involves the manipulation of human emotions. Social engineering uses spam phishing via email, instant messages, social media, and more. The goal is to trick the user into downloading malware or clicking a link to a compromised website that hosts the malware.
  • 14.
    What should Ido about malware attacks? Keep your software updated • Software updates are important because they repair security holes that have been discovered, and fix or remove computer bugs. It’s smart to run software updates as soon as they become available. Back up your files regularly • Regularly copy your data to an external hard drive or a reputable cloud storage provider in case it’s ever compromised in a malware attack. Back up the data on all of your devices, including your tablets, computers, and smartphones. Scan executable files before running them • “Executable” files, which end in “.exe.”, contain step-by-step instructions for a computer to carry out a function. Double-clicking the .exe file will trigger your computer to execute these instructions using a software program. • There are plenty of software options that contain antivirus software, but it’s a good idea to choose one that scans in real-time rather than manually.
  • 15.
    Pharming
    • Pharming is a form of online fraud involving malicious code and fraudulent websites. Cybercriminals install malicious code on your computer or server. The code automatically directs you to bogus websites without your knowledge or consent.
    • The goal is to get you to provide personal information, like payment card data or passwords, on the false websites. Cybercriminals could then use your personal information to commit financial fraud and identity theft.
    • Pharming combines the words “phishing” and “farming.” This cybercrime is also known as “phishing without a lure.”
    • Phishing is an online fraud scheme where a cybercriminal hopes you’ll click on a compromised email link which takes you to a fake site where you then enter your access credentials — such as your username and password. If you do, the fraudster can then access the real site and steal your personal information there.
  • 16.
    Pharming
    • Pharming, on the other hand, is a two-step process. One, cybercriminals install malicious code on your computer or server. Two, the code sends you to a bogus website, where you may be tricked into providing personal information. Computer pharming doesn’t require that initial click to take you to a fraudulent website. Instead, you’re redirected there automatically. The fraudster has immediate access to any personal information you enter on the site.
  • 17.
    How to protect yourself against pharming
    • Ensure you are using secure web connections (look for https in the web address)
    • Be cautious when opening links or attachments that you weren’t expecting or that are from an unfamiliar sender
    • Avoid suspicious websites
    • Enable two-factor authentication on sites that offer it
    • Use a reputable internet service provider, whenever possible
    • Use a VPN service that has reputable DNS servers
    • Change the default password on your consumer-grade routers and wireless access points
    Here are two signals of pharming.
    • An unsecure connection. If your site address says “http” instead of “https” in the address line, the website may be corrupted.
    • A website that doesn’t seem right. If the site you’re on has spelling errors, unfamiliar font or colors, or otherwise just doesn’t seem legitimate, it may not be.
  • 18.
    Online Credential Theft Attacks: SPYWARE
    • Spyware is unwanted software that infiltrates your computing device, stealing your internet usage data and sensitive information. Spyware is classified as a type of malware — malicious software designed to gain access to or damage your computer, often without your knowledge. Spyware gathers your personal information and relays it to advertisers, data firms, or external users.
    • Spyware is used for many purposes. Usually it aims to track and sell your internet usage data, capture your credit card or bank account information, or steal your personal identity. How? Spyware monitors your internet activity, tracking your login and password information, and spying on your sensitive information.
    • Some types of spyware can install additional software and change the settings on your device, so it’s important to use secure passwords and keep your devices updated.
  • 19.
    Spyware
    There are four main types of spyware. Each uses unique tactics to track you.
    • Adware. This type of spyware tracks your browser history and downloads, with the intent of predicting what products or services you’re interested in. The adware will display advertisements for the same or related products or services to entice you to click or make a purchase. Adware is used for marketing purposes and can slow down your computer.
    • Trojan. This kind of malicious software disguises itself as legitimate software. For example, Trojans may appear to be a Java or Flash Player update upon download. Trojan malware is controlled by third parties. It can be used to access sensitive information such as Social Security numbers and credit card information.
    • Tracking cookies. These track the user’s web activities, such as searches, history, and downloads, for marketing purposes.
    • System monitors. This type of spyware can capture just about everything you do on your computer. System monitors can record all keystrokes, emails, chat-room dialogs, websites visited, and programs run. System monitors are often disguised as freeware.
  • 20.
    How do I get spyware?
    • Your device is slow or crashes unexpectedly.
    • Your device is running out of hard drive space.
    • You get pop-ups when you are online or offline.
    How to help prevent spyware?
    Here are four main steps to help prevent spyware.
    • Don’t open emails from unknown senders.
    • Don’t download files from untrustworthy sources.
    • Don’t click on pop-up advertisements.
    • Use reputable antivirus software.
  • 21.
    Worms
    A worm is a malicious computer program that replicates itself, usually over a computer network. An attacker may use a worm to accomplish the following tasks:
    • Install backdoors on the victim’s computers. The created backdoor may be used to create zombie computers that are used to send spam emails, perform distributed denial of service attacks, etc. The backdoors can also be exploited by other malware.
    • Worms may also slow down the network by consuming the bandwidth as they replicate.
    • Install harmful payload code carried within the worm.
  • 22.
    Protecting yourself from Computer Worms
    • Keep the computers’ operating system and software up-to-date with vendor-issued security releases. These updates often contain security patches designed to protect computers from newly discovered worms.
    • Avoid opening emails that you don’t recognize or expect, as many computer worms spread via email.
    • Refrain from opening attachments and clicking on links from untrusted/unfamiliar sources.
    • Run a firewall and antivirus software to be further protected from computer worms. Software firewalls will keep the computer protected from unauthorized access. Choose an antivirus program that includes download scanning functionality (to detect malicious content in email and web downloads) as well as malware removal tools.
  • 23.
    Symptoms of a Computer Worm
    • Slow computer performance
    • Freezing/crashing
    • Programs opening and running automatically
    • Irregular web browser performance
    • Unusual computer behavior (messages, images, sounds, etc.)
    • Firewall warnings
    • Missing/modified files
    • Appearance of strange/unintended desktop files or icons
    • Operating system errors and system error messages
    • Emails sent to contacts without the user’s knowledge
  • 24.
    Computer Worm Removal
    • Check that all antivirus signatures are up-to-date.
    • Scan the computer with antivirus software.
    • If the scan detects a computer worm or other malware, use the software to remove malware and clean or delete infected files. A scan that detects no malware is usually indicative that symptoms are being caused by hardware or software problems.
    • Check that the computer’s operating system is up-to-date and all software and applications have current patches installed.
    • If a worm is difficult to remove, check online for specific computer worm removal utilities.
  • 25.
    Trojan
    • A Trojan horse, or Trojan, is a type of malicious code or software that looks legitimate but can take control of your computer. A Trojan is designed to damage, disrupt, steal, or in general inflict some other harmful action on your data or network.
  • 26.
    How do Trojans work?
    • You might think you’ve received an email from someone you know and click on what looks like a legitimate attachment. But you’ve been fooled. The email is from a cybercriminal, and the file you clicked on — and downloaded and opened — has gone on to install malware on your device.
    • When you execute the program, the malware can spread to other files and damage your computer.
    • How? It varies. Trojans are designed to do different things. But you’ll probably wish they weren’t doing any of them on your device.
  • 27.
    Common types of Trojans
    Backdoor Trojan
    • This Trojan can create a “backdoor” on your computer. It lets an attacker access your computer and control it. Your data can be downloaded by a third party and stolen. Or more malware can be uploaded to your device.
    Downloader Trojan
    • This Trojan targets your already-infected computer. It downloads and installs new versions of malicious programs. These can include Trojans and adware.
    SMS Trojan
    • This type of Trojan infects your mobile device and can send and intercept text messages. Texts to premium-rate numbers can drive up your phone costs.
    Distributed Denial of Service (DDoS) attack Trojan
    • This Trojan performs DDoS attacks. The idea is to take down a network by flooding it with traffic. That traffic comes from your infected computer and others.
  • 28.
    How to help protect against Trojans
    • Computer security begins with installing and running an internet security suite. Run periodic diagnostic scans with your software. You can set it up so the program runs scans automatically during regular intervals.
    • Update your operating system’s software as soon as updates are made available from the software company. Cybercriminals tend to exploit security holes in outdated software programs. In addition to operating system updates, you should also check for updates on other software that you use on your computer.
    • Protect your accounts with complex, unique passwords. Create a unique password for each account using a complex combination of letters, numbers, and symbols.
    • Keep your personal information safe with firewalls.
    • Back up your files regularly. If a Trojan infects your computer, this will help you to restore your data.
    • Be careful with email attachments. To help stay safe, scan an email attachment first.
  • 29.
    In-session phishing
    • With this technique, a fake pop-up is generated as users browse on legitimate websites. The pop-up typically requests account credentials or other personal information. Users, thinking that the pop-up is tied to the website they are browsing, enter their information, which is then retrieved by the cybercriminals.
    • The best defense against this phishing technique is to always ensure that your browsers have pop-up blockers enabled.