An apparently innocent “Like” click or newsletter subscription on an online store’s website could lead to the download of malicious software and the activation of code that gives hackers access to passwords or enables keystroke logging. The technique used by cybercriminals, which involves exploiting safe websites, is known as clickjacking.
Imagine a situation where we are presented with a piece of paper containing a form for our username, password and other sensitive data. But someone has pasted a clear film onto this paper, and the unsuspecting victim writes all the information on it. The blank sheet goes to the intended recipient, while the film with the data goes to the data thief. Clickjacking attacks operate on this exact principle. Cybercriminals are capable of layering a malicious, invisible layer onto a trusted website. An internet user clicking on links that seem safe or filling out registration forms can unwittingly become a victim of fraud.
Cybercriminals planning clickjacking attacks have several methods at their disposal. Layering an invisible overlay over an entire website is the simplest approach, but its presence is easily detected by EDR (Endpoint Detection and Response) security software. Therefore, other tactics are used, such as hiding certain objects on the official site or introducing new ones. These can be posts resembling genuine social media content. In that case, clicking the “Like” button can trigger an unwanted action such as downloading malicious code or activating a webcam. On other occasions, they can substitute login forms, so that the sensitive data entered goes directly into the cybercriminals’ database for further use or sale.
These types of attacks are complex and difficult to identify. Particularly alarming is the fact that detecting such activities from the perspective of a regular internet user is limited, and appropriate website security typically requires specialist assistance.
“Due to the covert nature of the operations, victims are typically unable to perceive the danger. There are, however, certain symptoms that can arouse suspicion among mindful internet users. For example, if content quickly changes after clicking on a personal data processing consent box, or if the page doesn’t respond to clicks, that could be an attempt at fraud. If a red warning light goes on in the user’s head in such or similar situations, it is worth reporting to the website administrator who can take appropriate decisions in verifying the case and restoring website security,” advises Robert Dąbrowski, head of the team of engineers at Fortinet’s Polish branch.
How to protect oneself?
Website owners primarily bear the responsibility for ensuring safety from clickjacking attacks. The most effective measures will be taken by a team of developers who can install on the website servers the necessary protective mechanisms to control how the content is displayed and to prevent potentially dangerous content in the browser. But there are also some steps that companies can take to protect their employees and customers from such attacks.
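To make the server-side mechanism concrete: the standard way a site refuses to be embedded in a hidden frame is the X-Frame-Options header or, preferably, the Content-Security-Policy frame-ancestors directive. The following Python checker is an added example, not code from the original article or from Fortinet; it classifies a response's headers, and the sample responses and origins such as partner.example are constructed for illustration.

```python
"""Classify a page's clickjacking (framing) protection from its HTTP response headers.
Assumptions: one Content-Security-Policy header; CSP frame-ancestors overrides
X-Frame-Options when both are present; the obsolete ALLOW-FROM form is ignored by
current browsers and so counts as unprotected."""
from typing import Dict, List, Optional

# Headers a site should send so browsers refuse to embed it in a hidden frame.
RECOMMENDED_HEADERS = {
    "Content-Security-Policy": "frame-ancestors 'none'",
    "X-Frame-Options": "DENY",  # fallback for browsers without CSP 2 support
}

def frame_ancestors(csp: str) -> Optional[List[str]]:
    """Return the source list of the frame-ancestors directive, or None if absent."""
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None

def framing_verdict(headers: Dict[str, str]) -> str:
    """Return 'blocked', 'same-origin', 'restricted' or 'unprotected'."""
    lower = {name.lower(): value for name, value in headers.items()}
    ancestors = frame_ancestors(lower.get("content-security-policy", ""))
    if ancestors is not None:
        if ancestors == ["'none'"]:
            return "blocked"
        if ancestors == ["'self'"]:
            return "same-origin"
        if not ancestors or "*" in ancestors:
            return "unprotected"  # empty list or wildcard: any site may frame the page
        return "restricted"       # explicit allow-list of parent origins
    xfo = lower.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return "blocked"
    if xfo == "SAMEORIGIN":
        return "same-origin"
    return "unprotected"  # header missing, ALLOW-FROM, or malformed (e.g. "DENY, SAMEORIGIN")

# Constructed sample responses (not real sites).
SAMPLE_RESPONSES = {
    "hardened": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
                 "X-Frame-Options": "DENY"},
    "legacy-only": {"X-Frame-Options": "sameorigin"},
    "partner-embed": {"Content-Security-Policy": "frame-ancestors 'self' https://partner.example"},
    "obsolete": {"X-Frame-Options": "ALLOW-FROM https://partner.example"},
    "missing": {"Content-Type": "text/html; charset=utf-8"},
}
```

Calling `framing_verdict` on each entry of `SAMPLE_RESPONSES` yields blocked, same-origin, restricted, unprotected and unprotected respectively; a site that sends `RECOMMENDED_HEADERS` is classified as blocked.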
Employee education is key. A knowledgeable staff can react and notify experts who have the knowledge and tools to neutralise the threat. Another crucial protective measure is installing a next-generation network firewall (NGFW), which includes an application firewall feature capable of recognising and blocking network threats, including clickjacking.
On users’ computers, up-to-date protective software with a feature to scan opened websites should always be in place. Regular updates of the operating system and internet browsers are also crucial – some of the methods used by cybercriminals in the past were successfully blocked thanks to appropriate software safety measures.
Because of the continuous development of data presentation methods on the internet, cyberattacks similar to clickjacking will continue to occur. Victims will be lured into performing unexpected actions on websites that appear identical to those they have used before. Hence, continuous educational efforts aimed at increasing awareness, so that suspicious situations are quickly reported to administrators and attacks thwarted, remain necessary. But it is equally important to introduce appropriate technical solutions to minimise the threat level.
Source: https://managerplus.pl/clickjacking-niewidzialna-technika-cyberprzestepcow-33666