If we look back at website attack methodologies, we can see a distinct shift in their target and focus. Traditionally, cybercriminals have focused on the infrastructure or webserver, taking advantage of holes in the operating system, or in the website code in order to gain access and steal customer data.
Organizations have since become better at protecting their source by implementing new and more effective perimeter technologies and as a result, cybercriminals have found it increasingly difficult and instead have turned their attention to the next weakness, the website user.
Buffer overflow attacks
Buffer overflow attacks can be used to target both the end user and also the website infrastructure. These can result in large data breaches, oftentimes resulting in full access to the organization’s customer data.
The most critical thing an organization can do to protect against buffer overflow attacks is to stay current on patching. When vendors become aware of security issues within their software, they will often issue fixes in the form of patches. Organizations should closely monitor the vendors they use and apply recommended updates, especially security related ones.
Web application firewalls are also often successful in preventing at least known buffer-overflow exploit attempts as these solutions can look for specific traffic patterns and block them if they look suspicious.
Cross-site scripting (XSS)
Cross-site scripting (XSS) is a common client-side cyberattack which takes advantage of websites which don’t sanitize user input.
Consider a comments section on a website; when a user enters their comment, that text gets stored within the website’s database and is then displayed for every other user viewing the same article or section.
This code could do everything from stealing cookies, monitoring keystrokes and capturing session tokens allowing the hacker to authenticate to the website as the victim.
Organizations can prevent cross-site scripting by employing strong coding practices and QA, which actively check all aspects that allow user input to ensure that validation is being performed.
The challenge with this however is that as with any technology, things get missed and bugs get introduced and when this happens, organizations often need security technologies to help prevent them from being exploited.
Structured Query Language or SQL injection also happens as a result of a website not accurately validating user-input and generally target the webserver and its backend infrastructure. In a SQL injection attack, SQL code is inserted into user-input sections of a website which are then processed as code by the webserver.
Consider a website that sells shirts. Generally, a user could use the website to search for blue shirts and when entered, the website would then create a code-based query containing the search term, blue shirts. The database server would in turn, run the query and return all records matching blue shirts.
If a cybercriminal was able to enter SQL code into the box, and the webserver, instead of validating it, just sends it to the database server, then the code is processed, as-is, and the database server would return whatever the code asked for. The perpetrator for example, may ask for all of the usernames and passwords from the database or other sensitive information.
The first layer of protection for preventing SQL injection is to utilize good coding practices. Most languages and libraries contain functions for accessing databases that are designed to prevent SQL injection. Where database access is required, these functions should be used.
WAFs and open source components can be added to web servers, such as Apache and Nginx, to look for SQL code within requests and prevent them when found.
Client-side data exfiltration and web skimming
Hackers will inject disguised, malicious code into one of the libraries which then has full access to anything that the user enters into the website. The malicious code will wait until the user inputs a credit card number into a checkout form, and then send that number to a server owned by the criminals to later be sold.
Inspecting not only your own code, but the hundreds of thousands of lines of third-party code too, is a mammoth task and is often not possible which is why many websites are vulnerable to web skimming.
Client-side protection is the only way to prevent data theft, utilizing a security technology that can effectively whitelist where website data can be sent.
In fact, there has even been press which suggests that ISPs are actively injecting code into websites, in order to display their own ads on sites that their customers visit.
Like with web skimming, the only real protection against adware and ad injection is to utilize website client-side security which can whitelist legitimate content sources, therefore preventing rogue content from being able to be injected and displayed.
Ensighten can help
Ensighten is the leader in preventing client-side data exfiltration and theft while at the same time providing technology which allows organizations to ensure that their website is CCPA and GDPR compliant. Learn more about how you can protect against common cybercrime methods – book a demo with one of our consultants.