On the internet, cybercrime grows year by year; every day millions of sites and systems of various types are reported to be targets of cybercriminals. The reasons vary from attacker to attacker.
Some do it for money, both by stealing sensitive information about a site's users, as in the case of online shopping sites, and by defrauding them directly, in part through social engineering. Many people and companies are affected by this type of attack annually.
Others do it out of activism, so that their attack becomes a way to assert their ideals before society; in general, it is government sites that are most affected. These cybercriminals tend to “deface” the site by replacing its home page with a page that shows who they are and why they have done what they have done. This does not rule out further damage to the system and/or the affected people.
There are even attackers who commit these crimes for fun and/or to prove themselves, as some hold that there is no more realistic computer security testing lab than the real world itself.
The intentions matter least, especially once the damage has been done. It stands to reason that the latter was the most fruitful for cybercrime.
The growing complexity of communication technologies and the exponential growth of the digital market allow the possibilities of attacking computer systems to proliferate as well.
Attackers use an intrusion methodology that can vary from case to case, because they do not follow a professional pattern or have rules to adhere to. In general, most tend to look for vulnerabilities in the system directly.
The first step is usually the Info Gathering phase, or information gathering. In this phase, the aim is to gather the greatest amount of public information available on the net. For this, search engines such as Google, Bing and SHODAN are used to make specific queries about the targets.
Tools that assist with these tasks can also be used.
As for the search for vulnerabilities, there are techniques that can be applied directly on the web, as well as tools. This is because not all security flaws can or need to be exploited through the use of specialized software.
Once the attacker finishes collecting information about the target and searching for flaws, he moves on to the exploitation phase, where he tries to use those flaws to cause abnormal behavior that benefits him in his work.
For example, simply explained, SQL flaws lead to the well-known SQLi or SQL Injection attack. This flaw allows malicious code to be “injected” into SQL code programmed for database manipulation.
This flaw is one of the most common and persistent in history, and lies in the incorrect checking or filtering of the variables used in a program that contains, or generates, SQL code.
In this way, we can say that the queries made to the database under this attack are ones that would not normally be allowed. This leads to sensitive information within the database being exposed in a matter of minutes. This type of flaw can occur in any programming language or script that is embedded within another.
This is one of the most dangerous attacks due to the range of possibilities it gives the attacker once it has been carried out. Although in the web case an attacker searches for access credentials in order to perform a privilege escalation, this does not rule out that they also edit or modify data and records, provide access to themselves or third parties, and even go as far as executing another type of malicious code on the computer under attack.
The SQL flaw that allows this occurs both automatically, when a program carelessly assembles an SQL statement at runtime, and during the development phase, when the programmer writes the SQL statement to be executed without protection, the latter being the most common situation.
However, the ignorance of the administrator and/or programmer does not always take this form, since there are dozens of cases in which the security flaw is due to an outdated component that exhibits abnormal or unwanted behavior.
These types of events are usually the most common and are the ones that give attackers the opportunity to compromise a website.
Many other times, it is the administrators who, believing that they would never be the target of a cybercriminal, maintain very inefficient security habits. One of them is predictable access credentials.
Take for example the case of the “Brute Force” attack. It is the tireless trial and error of usernames and passwords at a system login. What is generally done is to use software capable of loading what would be called a Dictionary: a text file created by the attacker, containing all the usernames and passwords to be tested.
With this, the program in charge of carrying out the attack tests all the possible combinations between users and passwords based on the previously selected file. It is an inelegant attack, which has its highest effectiveness rate when the administrators of the system in question use access credentials that are too simple or even predictable.
The historically known examples are:
• user: admin password: admin
• user: user password: password
• user: 1234 password: 1234
Some of the most used passwords of the last years are:
And all those that occur to you that may be of the same ilk.
For example, those that reconstruct one's own name alphanumerically, which is not advisable at all, since attackers often try this type of attack first, especially if they see that the targets are not very complex.
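From the defender's side, the trial-and-error pattern of a dictionary attack is visible in authentication logs as many failed logins from one source in a short time. The following is an added example, not part of the original article; the log line format, the sample lines and the threshold values are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log; the line format is an assumption for this example.
SAMPLE_LOG = """\
2024-05-01T10:00:00 FAIL src=203.0.113.7 user=admin
2024-05-01T10:00:02 FAIL src=203.0.113.7 user=user
2024-05-01T10:00:03 FAIL src=198.51.100.4 user=maria
2024-05-01T10:00:04 FAIL src=203.0.113.7 user=1234
2024-05-01T10:00:05 FAIL src=203.0.113.7 user=root
2024-05-01T10:00:06 FAIL src=203.0.113.7 user=admin
2024-05-01T10:00:09 OK src=198.51.100.4 user=maria
2024-05-01T10:09:00 FAIL src=198.51.100.4 user=maria
not a log line
"""

def parse_line(line):
    """Return (timestamp, outcome, src, user), or None if malformed."""
    parts = line.split()
    if len(parts) != 4 or parts[1] not in ("FAIL", "OK"):
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
        fields = dict(p.split("=", 1) for p in parts[2:])
        return ts, parts[1], fields["src"], fields["user"]
    except (ValueError, KeyError):
        return None

def detect_bruteforce(log_text, max_failures=5, window=timedelta(seconds=60)):
    """Map each source that reaches max_failures failed logins inside one
    sliding window to the set of usernames it tried."""
    recent = defaultdict(deque)   # src -> (timestamp, user) of recent failures
    flagged = {}
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None or event[1] != "FAIL":
            continue
        ts, _, src, user = event
        q = recent[src]
        q.append((ts, user))
        while ts - q[0][0] > window:      # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            flagged.setdefault(src, set()).update(u for _, u in q)
    return flagged

if __name__ == "__main__":
    print(detect_bruteforce(SAMPLE_LOG))
```

A user who mistypes a password twice, nine minutes apart, stays below the threshold, while the source cycling through `admin`, `user`, `1234` and `root` within seconds is flagged.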
Finally, the post-exploitation phase is usually the most tedious, because it is the one in which cybercriminals leave their mark in a visible way. Many of them are the well-known “Defacers”, who, apart from any other damage caused by their attacks, also have the habit, as we mentioned before, of doing things like replacing the home page of your website with one fully customized by them, where they explain their reasons or .
These errors, however critical they may be, can in many cases be detected with penetration testing or a simple vulnerability scan, which in many cases could save a lot of time and money invested in your system. That a website is not well known, or is taking its first steps, does not mean that it could never be the target of a cyber attack.
In these cases it is always better to analyze than to repair.