Back in the 1990s an Excel macro virus silently and randomly replaced zeros in spreadsheets with capital O’s. This altered numbers into text labels with a value of zero and went on undetected well after many backup systems were filled with bad data.
Very often, malicious hackers reuse the same type of attacks year-in, year-out. However once in a while, anti-malware researchers also come across a few techniques that showcase instances of inspired malicious hacking such as the illustration above.
Here are some examples of more recent stealthy attacks:
Fake wireless access point – How many times have you connected to the free wireless network offered by airports, coffee shops and other gathering places? Faking a wireless access point (WAP) is one of the easiest hacks to accomplish.
Once people are connected to the spoofed WAP, hackers are able to intercept unprotected data streams being sent by the victim and pluck data and passwords from the messages. Sometimes hackers will even as victims to crease new access accounts to use the faked WAP. Since some people use the same passwords on sites like Facebook, Twitter and Amazon, hackers will try these passwords on those sites as well.
The takeaway here is that you can’t trust public wireless access points. Consider using a VPN connection. It protects all your communications. Don’t recycle passwords between public and private sites.
Cookie hijacking – Browser cookies help Web sites track users. Cookies help the site track the user during their visit to the site or even over multiple visits. Cookies are sort of an identifier and they make it easier for users to do online purchases.
When a hacker steals a person’s cookies it allows the hacker to be authenticated to the Web site the victim frequents. Firesheep, a Firefox browser add-on, makes it very easy for people to steal unprotected cookies. Firesheep shows all the names of locations of the cookies it sees and with a simple mouse click a hacker can take over the sessions.
Hackers can also now steal SSL/TLS protected cookies. To protect against this attack, is for Web sites to use updated encryption protection and for Web developers to use secure development techniques to cut down cookie theft.
Find out about the other stealthy tactics favoured by today’s hackers and how you can protect yourself, here.