The fundamental terms to know about online security and cybercrime, easily available from A to Z.
Adware is a type of software which shows adverts on a computer through banners and pop-up windows. These banners and pop-ups are often bundled with free versions of software and can record personal information and browsing habits; if this is done without the user's knowledge it is classed as spyware. The personal information obtained by this software is often sold on to third parties.
These days a lot of software and mobile applications come in an advertisement-supported mode and a paid, advertisement-free mode. The advertisement-supported mode is a tempting option for personal customers as well as businesses, as it lets them avoid paying a large sum of money for software.
Essentially this is online identity theft. A bad actor takes over the victim's online financial and e-commerce accounts and changes the account details in order to make transactions undetected.
Alternatively, accounts can be held to ransom by bad actors to elicit a payment from the victim.
Using online adverts to send users to malicious websites. A bad actor purchases advertising space being sold by a legitimate website; once purchased, the bad actor replaces the advert with a link that can either download malware or send the victim to a malicious website.
A bad actor either infects a legitimate website or leads users to a malicious website which they have created.
Once the victim is on the site the bad actor can display a pop-up that takes over the user's screen and is very hard to close. Often this pop-up claims to be antivirus software, stating that a virus has been detected on the victim's computer, with a link to a support site or a telephone number. This is an attempt to trick the victim into paying to remove the fake virus, believing the software to be legitimate.
A brute force attack is when a bad actor uses trial and error in an attempt to obtain someone's personal information, such as their password to a specific website or their PIN. Rather than sit at a computer and try the different combinations themselves, a bad actor will tend to use custom-made software which generates a large number of guesses one after another. This software is readily available on the internet for anyone to purchase and performs different techniques depending on what the bad actor requires. The following is a list of just some of the techniques used by such software.
A botnet is a network of connected computers which perform a number of repetitive tasks. With the use of malware a bad actor can add someone's computer to their botnet without the owner being aware. Once the malware has been downloaded, the bad actor's computer is contacted to let it know that a new computer has been added to the botnet. Botnets are used to carry out distributed denial-of-service attacks, send spam email or generate fake internet traffic, to name just a few uses.
This is when what can be described as an invisible layer, containing invisible buttons, is placed over a web page. For example, if you were looking at a login page with a submit button, there would be an invisible button over the visible submit button. When someone enters their login details and clicks submit they are actually, unknowingly, clicking on the invisible button. This can result in malware being downloaded to the victim's computer, a legitimate-looking request for sensitive information, or the transfer of money through fraudulent purchases.
A popular clickjacking attack for bad actors is embedding a Facebook like or share button on a malicious website. A transparent frame floats over the button or follows the mouse cursor so that when the victim clicks on anything, the click lands on the like or share button.
This also links into a way in which bad actors can obtain information about a victim from Facebook. The embedded Facebook like or share button on a malicious website can be designed so that once it has been clicked the victim inadvertently becomes a fan of the bad actor's page. This then allows the bad actor to see the victim's Facebook information, such as name, age, gender and Facebook ID.
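The browser-side defence against the overlay described above is for a site to tell browsers whether it may be framed at all. As an added example, not code from the original page, this Python function classifies an HTTP response's framing protection from its `X-Frame-Options` and `Content-Security-Policy` `frame-ancestors` headers; the sample header sets are constructed.

```python
# Constructed example responses: an unprotected page, one using the legacy header,
# one using a CSP frame-ancestors directive, and one whose CSP explicitly allows any framer.
SAMPLE_RESPONSES = {
    "unprotected": {"Content-Type": "text/html"},
    "legacy": {"Content-Type": "text/html", "X-Frame-Options": "DENY"},
    "csp": {"Content-Type": "text/html",
            "Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'"},
    "csp_open": {"Content-Security-Policy": "frame-ancestors *"},
}


def csp_frame_ancestors(csp_value):
    """Return the source list of the frame-ancestors directive, or None if absent."""
    for directive in csp_value.split(";"):
        parts = directive.strip().split()
        if parts and parts[0].lower() == "frame-ancestors":
            return parts[1:]
    return None


def framing_protection(headers):
    """Classify whether a response can be embedded by an arbitrary third-party page.

    Returns 'blocked', 'same-origin', 'restricted' (specific origins only) or 'open'.
    When both headers are present, frame-ancestors takes precedence, as browsers do.
    """
    lower = {k.lower(): v for k, v in headers.items()}
    csp = lower.get("content-security-policy")
    if csp:
        ancestors = csp_frame_ancestors(csp)
        if ancestors is not None:
            if ancestors == ["'none'"]:
                return "blocked"
            if ancestors == ["'self'"]:
                return "same-origin"
            if "*" in ancestors:
                return "open"
            return "restricted"
    xfo = lower.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "blocked"
    if xfo == "SAMEORIGIN":
        return "same-origin"
    if xfo.startswith("ALLOW-FROM"):   # deprecated form, but still seen in the wild
        return "restricted"
    return "open"   # no framing control at all: clickjacking overlays are possible


def audit(responses):
    """Map each named response to its framing classification."""
    return {name: framing_protection(h) for name, h in responses.items()}


if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_RESPONSES).items():
        print(f"{name:12s} -> {verdict}")
```

Anything classified as "open" can be loaded inside an invisible frame on another site, which is exactly the condition clickjacking needs.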
This often occurs when someone accesses trusted websites over an unprotected public Wi-Fi network. The username and password for the site are encrypted; however, the session data which travels back and forth, also known as the cookie, is unencrypted. Using readily available tools a bad actor on the same network can copy that cookie and reuse it, which gives them access to the site the user is logged in to.
Depending on the site being accessed at the time, this could allow the bad actor to do anything from posting on social media to transferring money out of a bank account.
This is based on the assumption that people reuse the same password across multiple websites.
When data containing users' login details has been stolen, from a streaming website for example, a bad actor will attempt to use those login details on other websites, which can potentially give them access to even more sensitive data.
Usually using malware and social engineering, an email containing a link is sent to the victim which, when clicked, tricks the victim's web browser into completing an unwanted action. This can allow a bad actor to modify the requests being made by the browser. For example, if a request for a money transfer is made the bad actor can modify the browser request so that the money is sent to their account instead.
Cryptojacking is the unauthorised use of someone's computer to mine cryptocurrency. A malicious email is sent to someone which, when opened, installs cryptomining code onto their computer or mobile phone. The script runs in the background without the user's knowledge and uses the device's resources to mine cryptocurrency.
In a modern browser it can give a bad actor access to the user's geolocation, webcam, microphone and specific files from the computer's file system. Combined with social engineering this can facilitate cookie theft, planting trojans, keylogging, phishing and identity theft.
How does it work?
This is when a bad actor attempts to guess a password by making an exhaustive number of attempts at different combinations of words and text until they get the right one. There is an element of randomness to this; however, it can be made easier for the bad actor by using techniques such as phishing and social engineering.
These are two ways of potentially obtaining personal information that someone could be using as part of a password.
Simply put, a Distributed Denial of Service (DDoS) attack is when bad actors attack websites and online services by flooding them with so much traffic that they become unavailable. The aim is to overwhelm the server or network with more than it can accommodate, often by sending messages, connection requests and so on. The primary way of carrying out such an attack is with bots or zombie computers which, when used together, are known as botnets. Botnets can give bad actors the use of thousands of computers, with the victims completely unaware, as well as IoT (Internet of Things) devices such as cameras, smart TVs and printers.
Assembling botnets can be difficult and time consuming, so, like most things illegal, DDoS attacks can be purchased via forums and marketplaces on the dark web. Cybercriminals with the know-how create the botnets and then lease or sell them for as little as a couple of hundred US dollars.
Emotet is a malware strain and a cybercrime operation based in Russia. Initially released in 2014 as a banking trojan aimed at stealing banking credentials from infected hosts, it has since evolved and was deemed one of the most prevalent threats in 2019 (as per Bleeping Computer). Since 2014 the operators of Emotet have developed it to function as a more generic 'loader' trojan, used to gain access to a system so that a bad actor can then deliver additional payloads.
The usual method of infection is a macro virus within an email attachment, often made to look like a reply to an email already sent.
It is known that Emotet has been instrumental in setting up botnets (per Sophos), access to which is then sold using the Malware-as-a-Service model. The Emotet operation runs at least three distinct botnets: Epoch 1, 2 and 3.
Malicious JavaScript is injected into a legitimate website in order to take over the functionality of the site's form pages. When someone then enters data into a form it is collected by the bad actor.
The bad actor injects the malicious script into the targeted website.
A customer loads the website into which the malicious script has been injected. The customer then enters their details into a form on the website, for example a form requesting the details needed to complete a purchase.
When the completed form is submitted it is sent to the legitimate website, but a copy is also sent to the bad actor who injected the malicious script.
A fake wireless access point is when a bad actor sets up a wireless router in a public area with a convincing, legitimate-looking name, such as the name of a nearby shop or shopping centre. Once somebody connects their device to the router the bad actor can monitor what they are doing, steal sensitive data and upload malware.
As well as using a router, there is software that can be easily obtained on the internet which allows someone to set up a fake wireless access point. This access point, like the router, can be named 'free wi-fi' or take the name of a local shop, with the aim of attracting people to connect to it without asking questions. Once they are connected the bad actor can view which devices are connected and monitor their activity.
Using either a hardware device which has been covertly connected to a computer, or software which has been installed through malware, every key pressed on the user's keyboard is logged and sent to a bad actor. This can allow the bad actor to capture personal messages, login credentials, credit card numbers and so on.
Malware, or malicious software, is the umbrella term for any piece of software created with the intent of damaging devices or stealing data. Viruses, trojans, spyware and ransomware are examples of different types of malware; they are often created by bad actors and then sold on the dark web.
Malware can infect a computer or other device through malicious emails, websites, links, applications, text messages, Bluetooth, free software offers and illegal file downloads, to name a few. Once it has been downloaded the victim may find that the computer or device has started to run slower than usual.
Malware varies from file to file and carries out different tasks depending on what has been downloaded. For example, it could steal credit card information by logging every key pressed on the keyboard (keylogging), it could bombard the device with a large number of pop-up adverts and links to websites, or it could be used to modify or delete data on the computer or device.
In 2000 there was a worm known as the Loveletter virus. When it was released it attacked millions of Windows computers via email. The email carried an attachment containing the worm which, when opened, would overwrite the image files on that computer and then email itself to all of the contacts in the user's address book.
A man-in-the-middle attack is when a bad actor intercepts communications between the victim and the entity they are trying to communicate with. For example, the victim receives an email from what appears to be their bank, directing them to the bank's website. When they click on the link they are taken to a website which looks like their bank's but is in fact a malicious site created by the 'man in the middle', who is the bad actor. When the victim enters their login credentials, instead of logging into the bank's website the credentials are sent to the bad actor.
Phishing is a communication sent disguised as being from a known and trusted source. This could be anything from a simple email requesting a password update, to the sender researching the victim beforehand, using social media among other means, to find out personal information about them. The information is then used to create an email appearing to be from someone or a business that the recipient knows. This email will request personal and sensitive information from the recipient, such as credit card information, usernames and passwords.
In 2017 a phishing email was sent to users of Google Docs. These emails invited the recipients to edit documents on Google Docs; however, those who followed the links gave the bad actors who had sent the emails access to their Gmail accounts.
In September 2019 creators on YouTube were sent emails which tricked them into entering their login details on a fake website. Their accounts were then hijacked and made to appear as though they had been deleted. These accounts were then sold on the dark web.
A bad actor contacts a telephone service provider requesting the transfer of service from an old phone to a new one. If successful, the telephone service provider may port the old number to the new device, which is in the control of the bad actor. This can give them access to accounts and passwords and the ability to break into the apps, emails, photos and financial sites of the number's previous user.
Precomputed tables that store hash values pre-matched to possible passwords. These are useful to bad actors because they provide the password corresponding to a hash value, which will give them access if it matches one stored by the particular website they are attempting to access.
A password hash is when the string of text used as a password is transformed by a website, using a mathematical formula, into another string of scrambled data called the hashed password.
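The reason precomputed tables work is that an unsalted hash of a given password is the same everywhere, so the table only has to be built once. As an added example, not code from the original page, the Python below builds a tiny precomputed table from a constructed wordlist, shows that a plain SHA-256 password hash is found in it instantly, and shows that a per-user random salt with a slow key-derivation function (PBKDF2, from the standard library) defeats the lookup.

```python
import hashlib
import hmac
import os

# Constructed sample wordlist standing in for the guesses a precomputed table covers.
COMMON_PASSWORDS = ["password", "123456", "qwerty", "summer2019", "letmein"]


def hash_unsalted(password):
    """The 'hashed password' as the text describes it: one fixed function applied to the text."""
    return hashlib.sha256(password.encode()).hexdigest()


def build_table(passwords):
    """A (very small) precomputed table mapping hash value -> plaintext guess."""
    return {hash_unsalted(p): p for p in passwords}


def lookup(table, stored_hash):
    """Return the plaintext for a stored hash if the table has it, else None."""
    return table.get(stored_hash)


def new_salt():
    """A fresh random salt per user; stored alongside the hash, it need not be secret."""
    return os.urandom(16)


def hash_salted(password, salt, iterations=200_000):
    """Salted, iterated hash: the same password gives a different value for every user,
    so a table computed in advance no longer matches, and each guess costs real CPU time."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()


def verify_salted(password, salt, stored_hash):
    """Constant-time comparison of a login attempt against the stored salted hash."""
    return hmac.compare_digest(hash_salted(password, salt), stored_hash)


def demo(password="summer2019"):
    """Returns (table hit for the unsalted hash, table hit for the salted hash)."""
    table = build_table(COMMON_PASSWORDS)
    unsalted_hit = lookup(table, hash_unsalted(password))
    salted_hit = lookup(table, hash_salted(password, new_salt()))
    return unsalted_hit, salted_hit


if __name__ == "__main__":
    print(demo())   # the unsalted hash is recovered, the salted one is not
```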
A form of malware which locks and encrypts someone's computer and then demands payment in order to restore access. On occasion payment is demanded within a certain timeframe, with the threat of access being lost forever. Below are just a few different types of ransomware.
Infects the computer's operating system to completely lock the victim out of their computer.
Acts like antivirus software by finding fake threats and demanding payment to resolve the issues found. Some lock the computer and others flood the screen with alerts and pop-ups. If the fake antivirus is paid for by the user this will often lead to malware being downloaded onto their device.
Threatens to publish stolen information if a ransom isn't paid.
RaaS (Ransomware as a Service)
A type of malware which is hosted by a bad actor. The bad actor handles the distribution of the ransomware, collects the payments and manages the decryptors, which are the software that restores access. This is all done by the bad actor for a percentage of the ransom.
The CryptoLocker ransomware came onto the scene in 2013 and is usually disguised as an email attachment. The ransomware encrypts files, blocking the user from accessing them, then demands payment in cryptocurrency in exchange for the key needed to decrypt them. If payment was not made by the given deadline the key would be deleted, meaning that the user would lose access to the data.
Ransomware is known to have first appeared in 1989 under the name AIDS, or the PC Cyborg Trojan. It was spread using a floppy disk. It counted how many times the computer was rebooted and once that count reached 90 it would encrypt the machine, demanding that the user renew their licence with the PC Cyborg Team and send the renewal fee to a PO Box in Panama.
One of the most common forms of ransomware is police ransomware. The user's screen would be locked with a note claiming that they had commit.
Spoofing is when a communication is sent disguised as being from a known and trusted source. For example, an email is sent from a false email address pretending to be from a legitimate business. It looks like a legitimate email but contains links or attachments which, when opened, deliver malware. Malware programs can steal, encrypt or delete data as well as monitor someone's computer. This can cause significant damage to the computer and network and give someone access to personal information such as usernames and passwords.
In 2018 football fans were targeted in relation to the FIFA World Cup. Some fans, who appear to have been identified via social media, were sent emails offering a schedule of fixtures and results for the tournament. In fact, the emails contained an attachment carrying malware which would infect the recipient's device.
Although spoofed emails are common, spoofing isn't limited to this form of communication. There are a variety of ways in which someone will try to get access to personal and sensitive data. Below is a list of just some of the ways in which spoofing is carried out.
As mentioned above, an email is sent from a false email address. The address and the email's contents are designed to fool the recipient into believing it is legitimate and from a particular person or business. These emails are sent with the intention of infecting the recipient's computer or network with malware and stealing sensitive data.
This is carried out by changing the caller's number to trick the recipient's caller ID into showing that the call has originated from somewhere it hasn't. This is done to make the recipient believe that the call originated in their area, or to mimic the telephone number of a business or bank, with the goal of obtaining sensitive data from the recipient.
Text Message Spoofing
This is when someone sends a text message using someone else's phone number. By doing this they hide their true identity and can pose as a legitimate business requesting details from the recipient. Generally, these messages contain links to fake websites or a link which infects the recipient's device with malware.
This is also known as URL spoofing and its aim is to make a website look like a legitimate one. It is often part of an email spoofing scam whereby the recipient is asked to update their password via a link which takes them to a fake website. This website looks legitimate and users log on as normal, which then provides the creator of the website with their username and password.
Often sent via email, this attempts to frighten people into clicking on a URL which then infects their computer. Ads and images are also used to direct people to a malicious website which looks real. Once there the user is exposed to malware, allowing a bad actor to steal personal and sensitive information.
Simply put, SQL (Structured Query Language) is the language used to communicate with a database and perform tasks such as updating or retrieving data. A bad actor can take advantage of SQL on websites which have forms that require someone to input data in order to retrieve information. For example, suppose someone goes onto a website to track a package they have ordered. Normally they would enter their unique tracking number into the form and, using SQL, the website would retrieve the information from its database and present it to the user.
A bad actor takes advantage of this system by entering data in addition to a tracking number, so that when the website uses SQL to retrieve the data from the database, instead of retrieving only the information relating to that tracking number it could potentially retrieve all of the information in the database. This could give the bad actor access to a large amount of sensitive information and allow them to change or delete data.
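The package-tracking scenario above, as an added example that is not part of the original page: a Python lookup against a constructed in-memory SQLite table, written once by pasting the form value into the query text (the flaw the text describes) and once with the value bound as a parameter (the standard fix). The same "extra data" typed into the tracking field returns every row from the first version and nothing from the second.

```python
import sqlite3

# Constructed sample data standing in for a courier's parcel table.
SAMPLE_PARCELS = [
    ("TRK1001", "alice@example.com", "12 High St"),
    ("TRK1002", "bob@example.com", "34 Mill Lane"),
    ("TRK1003", "carol@example.com", "56 Park Rd"),
]


def make_db():
    """Create the in-memory database the two lookups below run against."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE parcels (tracking TEXT, email TEXT, address TEXT)")
    conn.executemany("INSERT INTO parcels VALUES (?, ?, ?)", SAMPLE_PARCELS)
    return conn


def track_vulnerable(conn, tracking_number):
    """Vulnerable: the form value is spliced into the SQL text, so the database
    parses whatever the user typed as part of the query."""
    sql = ("SELECT tracking, email, address FROM parcels WHERE tracking = '"
           + tracking_number + "'")
    return conn.execute(sql).fetchall()


def track_safe(conn, tracking_number):
    """Hardened: the value travels as a bound parameter and is only ever compared
    as data, never interpreted as SQL."""
    sql = "SELECT tracking, email, address FROM parcels WHERE tracking = ?"
    return conn.execute(sql, (tracking_number,)).fetchall()


def demo():
    """Row counts returned by each version for a normal value and for a value that
    carries extra SQL after the tracking number."""
    conn = make_db()
    normal = "TRK1002"
    crafted = "x' OR '1'='1"   # the 'data in addition to a tracking number' of the text
    return {
        "vulnerable_normal": len(track_vulnerable(conn, normal)),
        "vulnerable_crafted": len(track_vulnerable(conn, crafted)),
        "safe_normal": len(track_safe(conn, normal)),
        "safe_crafted": len(track_safe(conn, crafted)),
    }


if __name__ == "__main__":
    print(demo())
```

In a real application the fix is the same: never build query text from user input; use the database driver's parameter binding for every value.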
Social engineering involves contact with a person in order to trick them into divulging personal and sensitive information such as bank account or card details and login details. One example is a bad actor contacting someone by telephone pretending to be technical support, stating that something is wrong with their computer or that a virus has been detected. They will request usernames, passwords and so on in the hope that the person will provide them, giving the bad actor access to their banking, social media and shopping accounts, to name just three. Social engineering is used to facilitate phishing and a number of other techniques which are used to deceive people in order to obtain their personal and sensitive information.
Below are some more examples of the ways a bad actor will carry out social engineering:
This type of malware sits on a computer and steals internet usage details and sensitive information. Usually the aim is to track and sell internet usage data, credit card data and bank information, and to commit identity theft by capturing login and password information.
This is a form of phishing in which someone attempts to trick a person into giving them private and sensitive information via SMS message. It uses elements of social engineering.
SIM swapping is a type of fraud targeting your personal information so that bad actors can impersonate you and access your bank accounts. The victims of this attack often won't know they have been compromised until they try to place a call or send an SMS message, which usually will not go through.
A SIM swap scam involves bad actors taking advantage of a weakness in two-factor authentication and verification in which the second step is a text message or call to your phone number.
SIM cards store the subscriber data in Global System for Mobile (GSM) phones. Without a SIM card, your GSM phone would not be authorised to use a mobile network. Control of your phone number is therefore highly valuable to bad actors.
Carrying out a SIM swap starts with collecting as much information about the victim as possible. Bad actors may send phishing emails that impersonate legitimate businesses such as banks or health insurers, intended to fool the victims into handing over their legal names, dates of birth, addresses and phone numbers. Bad actors can also scrape public sources, social media and breached databases on the dark web in the hope of collecting as much information as possible about the victim.
Once the bad actors have gathered enough information on a target, they create a false identity. They then call the victim's network provider, claim that the SIM card has either been lost or damaged, and ask customer service to activate a SIM card or number in their possession.
Customer service representatives of the network provider would not accept these requests unless security questions are answered, but bad actors come well prepared, using the victim's personal data collected from across the web to answer those questions.
Once access to the victim's phone number is granted, bad actors target bank accounts. They can read your text messages and see who you're speaking to and what the conversation is about. As most banks today send a code via SMS to log in to an account or reset the password, this ultimately means that a bad actor can request and receive the code and access your bank account.
The bad actor will then create a second account with the same bank under the victim's name and transfer credit from one to the other to make it seem legitimate, as the bank's system will view it as the victim transferring funds between two of their own accounts.
SIM swapping is one of the reasons why a phone number may not be the best-suited verifier of your identity; it is now regarded as a breachable authenticator. Adding additional layers of protection can help keep your identity and accounts safer.
Trojans are a type of malware disguised as legitimate software. When the trojan is downloaded by the victim the malware hidden inside is transferred to their device, which could be a computer, laptop, tablet, phone etc. Once activated the malware can allow bad actors to spy, steal sensitive data, gain access to computer systems and potentially carry out the following:
Disrupt the performance of a computer or network.
Typosquatting, or URL hijacking, is a form of cyberattack which relies on mistakes such as typos made by internet users when entering a website address into a web browser.
A virus is malicious code or a program which can alter the way in which a computer operates. It is designed to attach or insert itself into a legitimate programme or document on the infected computer or device in order to execute its code. The programme in which the virus is delivered needs to be run on a computer for the code to be executed, meaning that it could be lying dormant in a document or file waiting to be opened. Once a computer has been infected, other computers on the same network can be infected via a file or document, resulting in passwords being stolen, data being corrupted and spam email being sent to the victim's contacts, to name a few.
As suggested by the name, this is when a legitimate website is hijacked by a bad actor. The legitimate website is cloned and a link placed somewhere on the legitimate site. When this link is clicked by the owner of the website, a malicious web server replaces the one which the legitimate website uses and the domain name is changed slightly in the hope that the owner of the site doesn't notice. The cloned website is now using the legitimate server and the owner of the legitimate website has lost all access to and control of it.
Once a bad actor has control over the legitimate website they will have access to any personal and sensitive information that comes with it. For example, if it is an online shop they will have access to any stored credit card details. The bad actor can also demand a ransom from the owner of the website, threatening to change information on the site or post items of an obscene nature if it isn't paid.
A watering hole attack targets a specific group of people by infecting the websites they are known to visit with malicious code. Generally, the aim of this type of attack is to gain access to the victims' computers and, through them, to the network at their place of employment. Popular targets are employees of large companies, human rights groups and government officials.