Cyberattacks Ramping up During Holiday Shopping Season
Cross-Site Scripting, Shellshock and Heartbleed the Most Prevalent Attacks in Puerto Rico
BY DENNIS COSTA
With the holiday retail season under way and online shopping playing an increasingly large role, the number of cyberattacks and hacking intrusions designed to steal valuable information from consumers and use it with criminal intent has risen as well, according to a top cybersecurity expert.
Derek Manky, global security strategist at Fortinet, a network security firm, told Caribbean Business that, as customers log in more frequently to online shopping sites, their exposure to hacking attacks increases. “Cybercriminals are becoming increasingly smart with their attacks, in part by employing different tactics on the hacking side instead of trying to mislead end users,” Manky said.
One of the more prevalent attacks involves “keylogging” software that can quietly infect an unwitting user’s computer, essentially installing itself. The malicious program (also known as “malware”) then records every keystroke made by the computer user, including password inputs, and sends the information to the cybercriminal.
A notable example of this type of malware is called njRAT (RAT stands for Remote Access Trojan). The Trojan, inspired by the Trojan horse legend, is a seemingly inoffensive program that, once it advances beyond a certain line of defense, carries out its harmful payload.
In the case of njRAT, there have been millions of attacks detected worldwide in the past few years, Manky revealed. Apart from logging keystrokes, njRAT programs are capable of downloading and executing files, providing remote desktop access, stealing application credentials and accessing the infected computer’s webcam and microphone, according to an article by specialty publication SecurityWeek.
Another trend on the rise is a type of malware called ATS (Automated Transfer System). Put simply, the program is able to carry out automated online banking fraud in a way that requires minimal input from cybercriminals. “Instead of having the attacker get login information to access a victim’s bank account and doing a wire transfer, the malware does it automatically from the infected machine in random, small batches,” Manky explained.
Statistics compiled by Fortinet for the period from August 2015 through early November show that more “traditional” types of cyberattacks are particularly prevalent in Puerto Rico. One of these is an old standby among cyberattacks called “cross-site scripting,” or XSS, with about 79,000 hacking attempts of this type detected on the island alone.
The attack essentially lets a cybercriminal exploit vulnerabilities on a legitimate website to “inject” a malicious package. For example, the criminal could enter several lines of code that comprise a certain type of program (called a “script”) into the search bar of a legitimate website. The script would bypass the website’s security controls and essentially sit there, waiting for a victim to log on to the website and infect the victim’s computer.
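The search-bar scenario described above, as an added example that is not part of the original article: a hypothetical results page that writes the visitor's search text back into its HTML, first unchanged and then with HTML output encoding, which is the standard defense. The function names and the sample input are constructed for illustration.

```javascript
// Added illustration, not code from the article. All names and the sample
// input below are hypothetical and constructed for this example.

// Characters that have special meaning in HTML text and attribute values.
const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode untrusted text so a browser displays it as text instead of markup.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Vulnerable: the query is pasted into the page unchanged, both in the
// heading (text context) and in the re-filled search box (attribute context).
function renderResultsUnsafe(query) {
  return `<h1>Results for ${query}</h1>\n` +
         `<input name="q" value="${query}">`;
}

// Hardened: the query is HTML-encoded before it reaches either context.
function renderResultsSafe(query) {
  const q = escapeHtml(query);
  return `<h1>Results for ${q}</h1>\n` +
         `<input name="q" value="${q}">`;
}

// Check a regression test can use: did the rendered page gain a script element?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample input: closes the attribute, then opens a script element.
const SAMPLE_QUERY = '"><script>alert(1)</script>';

console.log("unsafe page contains script tag:",
            containsScriptTag(renderResultsUnsafe(SAMPLE_QUERY)));
console.log("safe page contains script tag:  ",
            containsScriptTag(renderResultsSafe(SAMPLE_QUERY)));
console.log(renderResultsSafe(SAMPLE_QUERY));
```

The encoded page still shows visitors exactly what was typed, but the browser treats it as text rather than as part of the page's code.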
Other prevalent attacks in Puerto Rico are related to two vulnerabilities called Heartbleed and Shellshock, with 48,000 and 23,000 recent attempts, respectively, to exploit both vulnerabilities, Manky revealed. Shellshock concerns several programming errors (also called “bugs”) found in a widely distributed program called a command-line interpreter, also known as a “shell.” Meanwhile, the Heartbleed vulnerability is located within a program called OpenSSL (the acronym stands for Secure Sockets Layer). Ironically, OpenSSL works as a security tool that prevents eavesdropping on internet users.
Another oft-used attack is called Cryptowall Ransomware, with 79,000 recent attempts being detected in Puerto Rico. The Trojan basically encrypts crucial files, effectively blocking users from accessing their data. Then, as its name suggests, the ransomware demands a payment, usually $500, to recover the encrypted data, according to security software firm Enigma Software.
However, the chances of falling victim to data theft can be kept in check if users carry out some basic “cyberhygiene” practices, Fortinet’s Manky said. “The best mantra that users can keep in mind is ‘think before you link,’” he noted. “One needs to make sure that the link is going to a true, secure website before clicking on it, especially if the link is part of an email message. It’s also a good idea to have a different password for each shopping or online banking site you frequently visit.”
Other recommendations include carrying out transactions only on websites that display a picture of a lock next to their address, which should start with the acronym “HTTPS”; making purchases only on recognized websites; using elaborate passwords that include uppercase and lowercase letters, numbers and special characters; using security software; and frequently installing updates and patches for the computer’s operating system.