Technology Hijacking
When you hear the word “hijacking” you probably think about aircraft. But hijacking is not exclusive to the aviation industry. It happens across a multitude of platforms — and occurs quite often in technology. Technology hijacking is when a cybercriminal takes control of devices and systems. Take a look at some of the top ways cybercriminals can hijack your technology and exploit your systems:
DLL Hijacking
DLL stands for "Dynamic Link Library." A DLL is a library that contains code and data that can be accessed by a Windows program. When a program is launched, links to the DLL files it needs are created. DLL hijacking is when a cybercriminal takes control of which DLL a program loads in order to inject malicious code into the application: the application loads the hacker's DLL instead of the legitimate one. Hackers do this to get their code running inside digitally signed applications.
As Eran Shimony of Security Boulevard explained:
“Many endpoint security products are based on whitelisting signed applications, making attackers’ lives difficult when they try to run unsigned code. Traditional code injection methods often include opening a handle to a remote process, which is a noisy activity that could cause an alert.”
In those cases, DLL hijacking is an easy alternative for hackers, since they only have to write a malicious payload into a specific path for the vulnerable application to load the bad code.
While this particular hijack first became known back in 2000, it is still a method hackers use to exploit systems today. Organizations need to be proactive in preventing these types of attacks. One of the best ways to prevent DLL hijacking is to ensure that end-user devices are up to date on all the latest software updates and patches. Allowing systems to run out-of-date software can open organizations up to the DLL hijacking threat.
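A defender can look for the "specific path" condition described above by checking whether an application folder holds a DLL with the same name as a system library. The following is an added example, not code from the original article; the directory layout, file names and contents in `demo()` are constructed, and the function names are hypothetical.

```python
import hashlib
import os
import tempfile


def dll_index(directory):
    """Map lower-cased DLL names to paths (Windows file names ignore case)."""
    return {e.name.lower(): e.path for e in os.scandir(directory)
            if e.is_file() and e.name.lower().endswith(".dll")}


def sha256_of(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def find_shadowing_dlls(app_dir, system_dir):
    """List DLLs in app_dir whose name also exists in system_dir.

    For most libraries Windows looks in the program's own directory before
    the system directory, so such a file is the copy the program loads.
    """
    app, system = dll_index(app_dir), dll_index(system_dir)
    findings = []
    for name in sorted(app.keys() & system.keys()):
        same = sha256_of(app[name]) == sha256_of(system[name])
        findings.append((name, "identical-copy" if same else "differs-from-system"))
    return findings


def demo():
    """Run the check on a constructed layout (made-up names and contents)."""
    with tempfile.TemporaryDirectory() as root:
        app_dir = os.path.join(root, "app")
        sys_dir = os.path.join(root, "system32")
        layout = {
            (sys_dir, "netutil.dll"): b"system build",
            (sys_dir, "gfx.dll"): b"shared build",
            (app_dir, "NetUtil.DLL"): b"unknown build",  # same name, new content
            (app_dir, "gfx.dll"): b"shared build",       # vendor-shipped copy
            (app_dir, "plugin.dll"): b"app only",        # no system namesake
        }
        for (folder, name), data in layout.items():
            os.makedirs(folder, exist_ok=True)
            with open(os.path.join(folder, name), "wb") as fh:
                fh.write(data)
        return find_shadowing_dlls(app_dir, sys_dir)


if __name__ == "__main__":
    print(demo())
```

A "differs-from-system" result is a lead to investigate rather than proof of tampering, since some vendors ship their own builds of common libraries.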
IoT Hijacking
IoT devices are any internet-connected devices. IoT devices cover a wide range, from connected household appliances to standard office equipment you might not always think about: printers, security cameras, and smart assistants, to name just a few. Many businesses purchase these convenient devices to use in the office. However, many people are unaware of the potential risks associated with using IoT devices.
Many IoT products are headless, which means they cannot be patched or updated. Because technology evolves so rapidly, many of these devices can become outdated within a very short window of time – sometimes even within just a matter of weeks. This wouldn’t be too much of an issue, except that these devices connect to the internet, which means they can be hijacked just like any other internet-enabled device. If you let these devices operate unprotected, or don’t have a way to patch and update them, the door will be left wide open for cybercriminals. Just think of all of the potential ramifications that could occur if a technology hijacker was able to gain access to devices like your security system and cameras.
The best way to protect your organization against IoT hijacking is to make sure you only purchase IoT devices that provide updates and can be patched — and that you stay on top of those updates and patches. It can be all too tempting to click “remind me later” when the update reminder pops up, but it is important that warnings are heeded immediately to avoid any exploitable vulnerabilities.
DNS Hijacking
DNS stands for Domain Name Server. DNS is a naming system for devices and resources connected to the Internet or a private network. DNS hijacking, also known as DNS poisoning and DNS redirection, is when a hacker subverts a DNS query. DNS queries are incorrectly resolved so that users are unknowingly redirected to malicious sites. To perform the attack, hackers will install malware on vulnerable devices, assume control of routers, or intercept DNS transmissions.
DNS hijacking is most often used for two end-goals:
- Pharming
- Phishing
Pharming is a cyberattack that redirects traffic to malicious websites without the user’s knowledge or consent. Phishing is when victims are tricked into revealing sensitive information under the assumption that the requester is a legitimate source. Both of these types of attacks are the bread and butter of DNS hijacking. Some Internet Service Providers (ISPs) may also use a legal form of DNS hijacking to collect data from their users. Governments might use DNS hijacking to censor dissenting content.
According to Smarty DNS, recognizing signs of a DNS hijack can be as simple as noticing websites that are slow to load, an abnormal number of pop-ups, and suspicious computer alerts about malware and viruses. For less obvious cases, you can use the ping command, check your router, or use a reputable website to verify your DNS.
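The "verify your DNS" step can be automated by comparing what a resolver returns with addresses obtained over a trusted path, and by asking it for a name that cannot exist. This is an added example, not part of the original article; the host name, the addresses (documentation ranges) and the two sample resolvers are constructed, and the function names are hypothetical.

```python
import secrets
import socket


def system_resolve(name):
    """Ask the OS resolver; return the set of addresses (empty if none)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()


def check_resolver(resolve, expected, canary_tld="invalid"):
    """Return (kind, name, addresses) findings for one resolver.

    resolve  -- callable mapping a hostname to a set of IP strings
    expected -- {hostname: addresses obtained over a trusted path}
    """
    findings = []
    # A random label under the reserved .invalid TLD (RFC 6761) cannot
    # exist, so any answer means failed lookups are being rewritten.
    canary = f"{secrets.token_hex(8)}.{canary_tld}"
    rewritten = resolve(canary)
    if rewritten:
        findings.append(("nxdomain-rewritten", canary, sorted(rewritten)))
    for name, good in sorted(expected.items()):
        got = resolve(name)
        if not got:
            findings.append(("no-answer", name, []))
        elif not got & set(good):
            # CDNs vary answers by location: treat as a lead, not proof.
            findings.append(("unexpected-address", name, sorted(got)))
    return findings


# Constructed sample data (documentation address ranges, made-up host).
EXPECTED = {"portal.example.test": {"192.0.2.10"}}


def honest_resolver(name):
    return set(EXPECTED.get(name, ()))


def redirecting_resolver(name):
    return {"203.0.113.66"}  # answers every query with one address


if __name__ == "__main__":
    for label, fn in [("honest", honest_resolver),
                      ("redirecting", redirecting_resolver)]:
        print(label, check_resolver(fn, EXPECTED))
```

Passing `system_resolve` as the first argument runs the same checks against the machine's configured resolver, with `expected` filled in from a network you trust.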
To prevent DNS hijacking, make sure you and your employees are practicing good cyber hygiene. Don’t click on any suspicious links, and don’t connect to unprotected Wi-Fi. Change the default username and password on your router, and employ a reputable VPN for additional DNS protection. OpenVPN’s newest product, CloudConnexa, offers high levels of DNS security. CloudConnexa is free to try on 3 concurrent connections.
Technology hijacking, like any security threat, needs to be taken seriously. To properly defend your organizational resources, make sure you know what threats are out there, why and how they could impact you – and what you can do to prevent them. Cybercriminals are always evolving their tactics, so be prepared to tackle new threats head-on. Technology hijacking today might look vastly different tomorrow, so keep your methods as fluid as the technology itself.