11 Discreet Ways to Hack Windows in 2017
Cybercriminals rely heavily on techniques that quietly introduce malicious code into a target system, usually by exploiting vulnerabilities and security gaps in operating systems, applications and the security functions meant to protect them. These vulnerabilities (mistakes in program code or operational logic) let malicious software packages, i.e., malware, enter a victim's machine and execute. Given the complexity and extensive functionality of today's software, bugs and design mistakes, and therefore vulnerabilities, are virtually inevitable.
The following are 11 discreet ways to compromise a Windows machine, each built around a type of malware or the delivery vector that puts it on the system, along with how to protect your shipping and maritime enterprise from these threats.
1. Adware
As its name implies, adware, short for advertising-supported software, is software that automatically delivers advertisements. Common examples include ads displayed in free or trial applications and website pop-ups. Most adware is sponsored or authored by advertisers and exists to generate revenue, but it is not uncommon for adware to be bundled with spyware capable of tracking user activity and stealing information, which is why it is treated as a class of malware.
2. Spyware
Spyware monitors and records users' activity without their knowledge. Its capabilities can include activity monitoring, keystroke logging, and data harvesting (e.g., account information, logins, financial data). Some variants also modify software or browser security settings to interfere with network connections or disable protections. Spyware propagates by exploiting software vulnerabilities or by bundling itself with legitimate-looking software, in which case it is delivered as a trojan (see below).
3. Trojan Horse
A trojan horse, commonly known as a “trojan,” is malware that disguises itself as a legitimate file or program to trick users into downloading and installing it. Many trojans give bad actors remote access to the infected computer; once access is gained, they can:
- steal data resident on the system (e.g., login credentials, financial data, even electronic money)
- install more malware
- modify critical system files
- monitor user activity (e.g., screen watching, keylogging)
- use the compromised system in a botnet attack
- use the compromised system to anonymize illegal activity carried out by the attacker
Trojans have been the initial foothold in many of the most damaging cyber attacks of recent years.
4. Ransomware
Maritime professionals are likely familiar with the NotPetya attack that brought Maersk and APM Terminals to their knees in June 2017. Ransomware holds a computer system captive while demanding a ransom, restricting access by encrypting files on disk or locking the system outright. A ransom message then displays payment instructions, with the promise that restrictions will be removed and files decrypted once payment is received. That promise is not worth relying on: NotPetya's encryption could not be reversed even by its operators, so it behaved as a destructive wiper dressed up as ransomware, and Maersk recovered by rebuilding its systems rather than by paying. Offline, regularly tested backups are the only dependable way back.
5. Rootkit
A rootkit is malicious software designed to conceal its presence, and that of other malware, from users and security programs while maintaining privileged (typically administrator or kernel-level) access to a computer or network. Because they combine high privilege with stealth, rootkits are considered among the most serious malware threats; once installed, malicious parties can:
- remotely execute files
- access/steal information
- modify system configurations
- alter software configuration and behavior, especially that of security software that could otherwise detect the rootkit
- install concealed malware
- control the computer as part of a botnet
As noted above, rootkits are notoriously hard to detect and remove, and a kernel-mode rootkit can subvert the very operating system interfaces that security products and administrators rely on, so a clean result obtained from inside a running system is never conclusive. The most effective approaches combine vigilance with checks performed from outside the possibly compromised OS:
- monitoring computer behavior for irregular activity (unexplained network traffic, hidden processes or services, files visible from one tool but not another)
- signature and integrity scanning, ideally from trusted boot media so the rootkit is not running while it is inspected
- memory dump analysis, comparing what the kernel reports with what is actually resident
On Windows, UEFI Secure Boot and kernel-mode driver signature enforcement raise the bar considerably, since an unsigned boot loader or driver is refused before the OS even starts. Organizations and users can further protect themselves by regularly patching software applications and operating systems, keeping virus definitions up to date, avoiding suspicious downloads, and scheduling offline (boot-time) scans.
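A first-pass check an administrator can run from inside Windows, added here as an example and not taken from the original article: it confirms whether Secure Boot is active and then verifies the Authenticode signature of every kernel driver the OS reports as loaded. It assumes Windows 8 / Server 2012 or later with PowerShell 5.1 and an elevated prompt; the function names are ours, the cmdlets (Confirm-SecureBootUEFI, Get-CimInstance, Get-AuthenticodeSignature) are Windows built-ins.

```powershell
# Added example (not from the original article): first-pass rootkit check on
# Windows 8 / Server 2012 or later, PowerShell 5.1, run from an elevated prompt.
# Two checks: is Secure Boot enforcing signatures at boot, and does every
# loaded kernel driver carry a valid Authenticode (embedded or catalog) signature?

function Get-SecureBootState {
    # Confirm-SecureBootUEFI throws on legacy BIOS machines or when not elevated;
    # treat both as "not protected" instead of aborting the whole check.
    try { [bool](Confirm-SecureBootUEFI) } catch { $false }
}

function Resolve-DriverPath {
    param([string]$PathName)
    # Win32_SystemDriver.PathName arrives in several shapes, for example:
    #   C:\Windows\system32\drivers\afd.sys
    #   \SystemRoot\System32\drivers\xyz.sys
    #   system32\DRIVERS\xyz.sys
    #   \??\C:\path\xyz.sys
    # Normalise all of them to a plain file-system path.
    $p = $PathName.Trim('"')
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    $p = $p -replace '^system32\\', "$env:SystemRoot\system32\"
    return $p
}

function Get-LoadedDriverSignatures {
    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName } |
        ForEach-Object {
            $path = Resolve-DriverPath $_.PathName
            if (Test-Path -LiteralPath $path) {
                # Catalog-signed inbox drivers report Valid on Windows 10; on older
                # builds they may show NotSigned, so read NotSigned as "investigate",
                # not "infected". HashMismatch means the on-disk image was altered.
                $sig    = Get-AuthenticodeSignature -LiteralPath $path
                $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                [pscustomobject]@{ Name = $_.Name; Path = $path; Status = "$($sig.Status)"; Signer = $signer }
            } else {
                # A running driver whose image is missing from disk is a strong tampering signal.
                [pscustomobject]@{ Name = $_.Name; Path = $path; Status = 'FileMissing'; Signer = '' }
            }
        }
}

"Secure Boot enabled: $(Get-SecureBootState)"
$suspect = @(Get-LoadedDriverSignatures | Where-Object { $_.Status -ne 'Valid' })
if ($suspect.Count -gt 0) {
    "Drivers needing review:"
    $suspect | Format-Table -AutoSize
} else {
    "All loaded drivers carry valid signatures."
}
```

Because the script asks the running kernel what is loaded, a rootkit that hooks those interfaces can hide from it; treat a clean result as a starting point and repeat the check from trusted boot media (Windows Defender Offline or a WinPE image) before trusting the host.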
6. Virus
A virus is malware that copies itself into other programs or files and spreads to other computers. Viruses often attach themselves to an executable; when a user launches that program, the malicious code runs first. They also spread through scripts, macro-enabled documents and, in the web context, script injection flaws such as cross-site scripting. Once running on a target system, they can be employed for a myriad of malicious tasks: stealing proprietary information, harming host computers and networks, building botnets, stealing money, rendering advertisements, and more.
7. Worm
Worms are among the most common types of malware. They spread over networks by exploiting vulnerabilities in operating systems and network services, and typically harm host networks by consuming bandwidth and overloading servers. They can also carry payloads, code that does more than propagate, to damage host computers, steal data, delete files, or enrol machines in botnets.
The key characteristic that distinguishes worms from viruses is autonomy. A virus relies on human action to spread (running a program, opening a file); a worm self-replicates and spreads on its own. NotPetya is the maritime industry's example: it moved from host to host over SMB using the EternalBlue exploit and harvested credentials to reach further machines, with no user interaction required. Mass-mailing variants that send infected attachments to a victim's contacts blur the line, since the recipient still has to open the attachment.
8. Bot
Bots are programs created to perform specific operations automatically, whether innocent or malicious. Malicious bots are commonly organized into botnets, collections of compromised computers controlled by a third party, and used for distributed denial-of-service (DDoS) attacks. Other malicious bots include spambots that post spam and advertisements on websites and forums, scrapers that harvest server data, and bots that seed download sites with malware disguised as popular search items. Website owners typically deploy CAPTCHA tests to stop bots from auto-submitting forms.
9. Bug
In software, a bug is a flaw that produces an undesired outcome. Bugs are usually the result of human error and live in source code, though occasionally the compiler, runtime or a library is at fault. Minor bugs only slightly affect a program's behavior and can go undiscovered for long periods. More significant bugs crash or freeze software and systems. Security bugs are the most severe, as they can let attackers bypass authentication, escalate privileges, or steal data. Bugs are caught and remediated with better developer education, quality control, and code analysis tools; the ones that matter most to defenders are those reachable over the network, which is why patch cadence for exposed services is so important.
10. Phishing
According to recent data breach statistics, phishing was used in 11% of social engineering breaches. Phishing attacks use e-mails or websites that appear to come from trustworthy organizations to solicit personal information. For instance, an attacker may send an email masquerading as a credit card company or bank requesting account information, often claiming there is a problem with the user's account. Another common method uses emails disguised as appeals from charitable organizations; here attackers exploit current events or notable times of year:
- natural disasters (e.g., Hurricane Katrina)
- epidemics and health scares (e.g., H1N1)
- economic concerns (e.g., Internal Revenue Service scams)
- major political elections
If the user responds with the requested information, the attacker can immediately access the account in question and, thanks to password reuse, often other accounts as well. Any attached malware the user opens gives the attacker a foothold in the organization's IT environment.
11. Browser Hijacking
Browser hijacking is the unauthorized modification of a browser's settings: home page, default search engine, proxy configuration, or installed extensions. It is usually delivered by adware bundled into software installers or by malicious extensions, but it can also result from drive-by attacks, where simply visiting a booby-trapped web page delivers malicious code to the browser. Either way, the user's browser is changed without their permission, typically to redirect searches and traffic through attacker-controlled pages.
Though cyber attack methods are growing in sophistication and frequency, these 3 basic rules of computer hygiene and cybersecurity prevent a large share of the compromises described above.
1. Implement a firewall.
Recent versions of Microsoft Windows include a built-in firewall (Windows Firewall with Advanced Security, now branded Windows Defender Firewall) that is turned on by default. Its weakness is configuration rather than capability: it fully supports outbound rules, but every profile ships with the default outbound action set to Allow, so malware that is already on the machine can call home unless you set the default to Block and explicitly allow the traffic you need. Third-party personal firewalls such as Comodo Personal Firewall, ZoneAlarm and TinyWall (the last a front end for the built-in Windows Firewall) make interactive outbound control easier and can be had for little or no cost.
2. Use up-to-date antivirus protection.
Installing and maintaining updated antivirus (AV) software is critical to a strong cybersecurity posture, and Windows 10 ships with Microsoft Defender Antivirus built in. Popular solutions cover the common threat classes (viruses, worms, trojans, adware and more), though none catches everything, and a rootkit that loads before the AV can blind it. Many products also integrate spam filtering, web browsing restrictions, and network attack prevention.
3. Keep your software up-to-date.
Today's software programs are multilayered, complex assemblages of interconnected components and services, and popular applications routinely harbor undiscovered errors and vulnerabilities that undermine the user's security. It is therefore essential that all software, including the operating system, be kept current with patches, updates and service releases, with priority on anything reachable from the network. NotPetya is the cautionary tale: the SMBv1 flaw it exploited had been fixed by Microsoft's MS17-010 update in March 2017, three months before the outbreak.
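The three rules above can be audited in one pass. The script below is an added example, not part of the original article, and assumes a Windows 10 / Server 2016 or later host using Microsoft Defender Antivirus, run from an elevated PowerShell prompt; the cmdlets it calls (Get-NetFirewallProfile, Get-MpComputerStatus, Get-HotFix) are Windows built-ins, while the function names and the two age thresholds are ours.

```powershell
# Added example (not from the original article): audit the three hygiene rules on a
# Windows 10 / Server 2016 or later host with Microsoft Defender Antivirus.
# Run from an elevated prompt. Each control comes back as an object with a Pass
# flag so the output can be scheduled, exported or forwarded to a SIEM.
# The age thresholds are assumptions; tune them for your environment.

function Test-FirewallPosture {
    # Windows Firewall supports outbound rules, but DefaultOutboundAction is Allow
    # on every profile out of the box. Egress filtering exists only when it is Block.
    $profiles = Get-NetFirewallProfile
    $allOn  = @($profiles | Where-Object { "$($_.Enabled)" -ne 'True' }).Count -eq 0
    $egress = @($profiles | Where-Object { "$($_.DefaultOutboundAction)" -ne 'Block' }).Count -eq 0
    $detail = ($profiles | ForEach-Object {
        "$($_.Name) enabled=$($_.Enabled) outbound=$($_.DefaultOutboundAction)" }) -join '; '
    [pscustomobject]@{ Control = 'Firewall'; Pass = ($allOn -and $egress); Detail = $detail }
}

function Test-AntivirusPosture {
    param([int]$MaxSignatureAgeDays = 3)   # assumption: older definitions count as stale
    $mp     = Get-MpComputerStatus
    $sigAge = ((Get-Date) - $mp.AntivirusSignatureLastUpdated).TotalDays
    $pass   = $mp.AntivirusEnabled -and $mp.RealTimeProtectionEnabled -and ($sigAge -le $MaxSignatureAgeDays)
    $detail = "enabled=$($mp.AntivirusEnabled) realtime=$($mp.RealTimeProtectionEnabled) " +
              "signatureAgeDays=$([math]::Round($sigAge, 1))"
    [pscustomobject]@{ Control = 'Antivirus'; Pass = $pass; Detail = $detail }
}

function Test-PatchPosture {
    param([int]$MaxPatchAgeDays = 45)      # assumption: no hotfix in 45 days means patching has stalled
    # Get-HotFix lists installed QFE updates (cumulative and security updates), not
    # feature upgrades or Defender definitions; that is enough to spot a stalled host.
    $last = Get-HotFix | Where-Object InstalledOn | Sort-Object InstalledOn -Descending | Select-Object -First 1
    if ($last) {
        $age    = ((Get-Date) - $last.InstalledOn).TotalDays
        $detail = "last=$($last.HotFixID) installed=$($last.InstalledOn.ToString('yyyy-MM-dd'))"
    } else {
        $age    = [double]::PositiveInfinity
        $detail = 'no hotfix records found'
    }
    [pscustomobject]@{ Control = 'Patching'; Pass = ($age -le $MaxPatchAgeDays); Detail = $detail }
}

$report = @(
    Test-FirewallPosture
    Test-AntivirusPosture
    Test-PatchPosture
)
$report | Format-Table Control, Pass, Detail -AutoSize -Wrap

# Remediation for the most common failure (egress wide open). Blocking outbound by
# default breaks anything not whitelisted, so add allow rules for required services
# (Windows Update, DNS, your AV's update servers) before enabling this on a production host:
#   Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultOutboundAction Block
#   New-NetFirewallRule -DisplayName 'Allow DNS out' -Direction Outbound -Protocol UDP -RemotePort 53 -Action Allow
```

A host that fails the firewall check with `outbound=Allow` is the normal Windows default, not a misconfiguration someone introduced, which is exactly why the article's point about outbound traffic deserves attention: the capability is there, but nobody turned it on.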