Module 02 A Compromised Trusted Website

What’s a Trusted Website?

Modern browsers and infrastructure include a few safeguards.

These are just a few visual indicators:

  • lock icon
  • https:
  • VeriSign

Seeing them assures that a given site should be secure.

Here’s the scenario.

You visit a large reputable organization online. You believe it’s secure because
you see one of the visual indicators above. You expect that, because it’s
a well-established business, it has the resources and
capabilities needed to secure its website.

Wrong. Any site can be vulnerable to attack, and visitors and users would have no way of knowing that they are at risk.

As a matter of fact, IT professionals can’t diagnose some breaches until it’s too late.

Let’s dig in.

Hackers have countless ways to try to access a site illegally.

Here are some ways even trusted websites can come under attack:

  1. Cookies
  2. Cross-Site Scripting
  3. Watering Holes

Forged Cookies

Hackers can forge these kinds of cookies to impersonate a victim, tricking a website into giving them access to the victim’s account.

Malicious Cookies

Many sites use cookies for profiling and tracking for legitimate purposes, like advertising and analytics. Malicious cookies, however, extract private information from websites that you haven’t logged out of or that contain unexpired cookies used to maintain sessions over short periods of time.
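As an added illustration (not part of the original module), here is one common server-side defense against forged and stale session cookies: the site signs each cookie with a secret key and rejects any value whose signature or age fails to verify. The key, session lifetime, cookie layout and function names are assumptions made for this sketch.

```python
import base64
import hashlib
import hmac
import time
from typing import Optional

# Constructed demo key; a real site loads a random secret from protected storage.
SECRET_KEY = b"constructed-demo-key-not-for-production"
MAX_AGE_SECONDS = 15 * 60  # assumed short session lifetime


def _sign(payload: bytes) -> bytes:
    """Return the hex HMAC-SHA256 tag of the payload under the server key."""
    return hmac.new(SECRET_KEY, payload, hashlib.sha256).hexdigest().encode()


def issue_cookie(user: str, now: Optional[float] = None) -> str:
    """Build 'base64(user|issued_at).tag' for a freshly authenticated user."""
    issued_at = int(time.time() if now is None else now)
    payload = f"{user}|{issued_at}".encode()
    encoded = base64.urlsafe_b64encode(payload).decode()
    return f"{encoded}.{_sign(payload).decode()}"


def verify_cookie(cookie: str, now: Optional[float] = None) -> Optional[str]:
    """Return the user name if the cookie is authentic and unexpired, else None."""
    now = time.time() if now is None else now
    try:
        encoded, tag = cookie.split(".", 1)
        payload = base64.urlsafe_b64decode(encoded.encode())
        user, issued_at = payload.decode().rsplit("|", 1)
        issued = int(issued_at)
    except ValueError:
        return None  # malformed value: treat as no session
    # Constant-time comparison avoids leaking how much of the tag matched.
    if not hmac.compare_digest(tag.encode(), _sign(payload)):
        return None  # forged or altered cookie
    if not 0 <= now - issued <= MAX_AGE_SECONDS:
        return None  # expired, or issued in the future
    return user


if __name__ == "__main__":
    cookie = issue_cookie("alice")
    print(verify_cookie(cookie))  # genuine cookie is accepted
    # Constructed tampered value: another user's name with alice's old tag.
    altered = base64.urlsafe_b64encode(b"bob|0").decode() + "." + cookie.split(".", 1)[1]
    print(verify_cookie(altered))  # rejected, signature does not match
```

The signature only proves the cookie was issued by the site; it still has to travel over HTTPS and be marked Secure and HttpOnly so it cannot be read in transit or by injected script.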

Supercookies

Supercookies identify and persistently track visitors, without having to worry about users enabling private browsing or deleting cookies.

Cross-Site Scripting (XSS)

Cross-site scripting is an attack that delivers malicious code to end-users through trusted websites and applications.

With XSS, an attacker does not target a victim directly, but uses a vulnerability within a website or application as a vehicle to deliver a malicious script to the victim’s web browser.

The script can have several negative side effects, including:

  • allowing the attacker to impersonate the victim,
  • gaining access to passwords and other sensitive information, and
  • hijacking a victim’s browsing session altogether.

Watering Holes

Watering hole attacks implant malware into reputable websites that targeted victims are likely to visit. The goal is to infect victims’ computers and gain access to their networks.

Let’s get real.

Yahoo and Forbes are two examples of trusted websites that have been compromised by hackers. Yahoo suffered a forged cookie attack in which hackers stole data from more than a billion customer accounts.

The Forbes Compromise occurred when a Chinese group infected the Forbes.com website with a watering hole attack.

Millions of users visited the site during the attack.

The protections in place shielded most of the would-be victims from the attack, according to two malware protection companies, iSight and Invincea.

The attackers were seeking the user profiles of leaders in the defense and financial industries in order to gain access to their respective networks.

Knowledge Check Module 2

Directions

Use what you’ve learned about compromises to trusted websites to select the best answer to the following questions.
