Already I have posted Most Common Cyber attacks in my previous post if you haven't checked till now Click here
• ClickJacking:
Clickjacking attack refers to any attack where the user is tricked into unintentionally clicking on web page element.
The name was coined from"Click Hijacking" and the technique is most often applied to web pages by overlaying malicious content over a trusted page or by placing a transparent page on top of a visible one.
When the user clicks on innocent-looking item on the visible page they are actually clicking the corresponding location on the overlaid page and the click triggers a malicious action anything from a faking a like or a follow on social media to siphoning money from the users bank account.
• QRLjacking:
QRLJacking is an attack in which attacker creates a fake QR code.
How it works?
~ The attacker initializes a client side QR session and clones the login QR code into a phishing page.
~ The attacker then sends the phishing page to the victim.
~ If convinced the victim scans the QR code with a specified targeted mobile app.
~ The mobile app sends the secret token to the target service to complete the authentication process.
~ As a result, attacker who initializes client side QR session gains control over the victim account.
~ Then the service starts exchanging all the victim's data with the attackers browser session.
"The attacker need to do to initialise a successful QRL jacking attack is to write a script to regularly clone the expirable QR codes and refresh the ones displayed on the phishing website which they created. As we know that a well implemented QR login process should have an expiration interval for the QR codes".
An attacker can exploit the QRLjacking to take over accounts for service that they rely on vulnerable QR-Code-Based login authentication.
For further information have a look on this Example.
• Tabnapping:
Tabnapping is a type of social engineering attack where the attacker replaces the contents of dormant browser tab with a spoofed website intended to collect passwords or other sensitive information.
This type of attack would rewrite the existing tab with the attackers website. Wherever the victim comes back to that tab, he will think that he has logged out of that particular website and try to login again, and as soon as the victim logs into his account, the attacker will capture the credentials. The SET can be used to launch this attack.
• Eavesdropping:
Eavesdropping is an electronic attack in where digital communications are intercepted by an individual whom they are not intended.
This is done in two main ways: Directly listening to digital or analog voice communication or the interception or sniffing of data related to any form of communication.
It is the act of intercepting communication between two points.
Actually, Eavesdropping is nothing but listening to the other people talk without knowing to them. It can be done using current technology such as hidden microphone and recorders.
Devices with microphones including laptops and cellphones also can be hacked to remotely activate their microphone and discretely send data to the attacker.
• Drive-by Attack:
A Drive-by Attack is a common method of distributing malware.
A cyber attacker looks for an insecure website and plants a malicious script into PHP or HTTP in one of the pages. This script can install malware into the visitors computer who visits that particular website or become an IFRAME that redirects the victim's browser into a site controlled by the attacker. This attack is known as Drive-by Attack because they don't require any action on the victim's part. Except visiting the compromised site.
When they visit the compromised site they automatically become infected if their computer is vulnerable to the malware, especially if they don't take any security precautions such as updating their system/Apps etc.,
Post a Comment
0 Comments