Malicious Code – CompTIA Security+ SY0-701 – 2.4

An attacker often writes their own software to exploit a vulnerability. In this video, you’ll learn about malicious code and how it has been used to gain access to some of the largest networks in the world.


As we’ve already discussed in this course, attackers have many things they can do to try to gain access to your systems. They might use social engineering to trick you into giving up access to an area, or a username and password. Or they might try using default credentials that unfortunately may not have been changed on newly installed equipment. And of course, misconfigurations can easily leave a door open for an attacker to walk right into your network.

These attacks may require some knowledge of the organization or of the users, but they’re not solely technical attacks. Default credentials and misconfigurations are errors left behind by the user, and taking advantage of them doesn’t require a huge amount of technical know-how. But if the users are not susceptible to social engineering techniques, and the device has not been misconfigured or left with the default credentials, then the attacker needs some other method to gain access to those systems.

Instead of walking in through a door that was left unlocked because of default credentials, using malicious code requires a bit more technical know-how. And in this video, we’ll look at some of the techniques that attackers use with malicious code to gain access to your network. When we mention malicious code, we are really referring to many different methods that could be used to gain access to these systems.

This malicious code could be packaged in an executable. There could be scripts that are running on that system. There might be macro viruses or Trojan horses or many other methods of malicious code that can gain access to this system. Because there are so many different methods that could be used, we have to present a very strong defense against any possibility of malicious code.

So we might be using anti-malware to block executables and perhaps some scripts or macro viruses. We have a firewall to block known-malicious traffic passing through your network. We have continuous updates and patches that will always close these vulnerabilities if a security issue does exist. And of course, we need to train our users to use secure computing habits so that they don’t give people information over the phone or click unknown links inside of an email.

Malicious code was used in the WannaCry ransomware attacks to infect Windows systems that had a vulnerability in SMB version 1, or Server Message Block version 1. This vulnerability allowed for arbitrary code execution, so the attacker could effectively run any software they’d like on a user’s machine. This gave the attacker access to the operating system, and from there they could install additional malware to run the ransomware software.

Another type of malicious code was the one that affected British Airways with cross-site scripting. The attackers were able to gain access to the British Airways website. And they placed 22 lines of malicious JavaScript code on the pages used to check out when purchasing a flight. This allowed the attackers to start collecting credit card information. And by the time this was discovered, approximately 380,000 victims potentially could have had their credit cards stolen for this cross-site scripting attack.

And another type of malicious code was used with the Estonian Central Health Database. This is a database for the entire country of Estonia. And it was accessed using SQL injection as the malicious code. This allowed attackers access to the entire database, effectively breaching all health information for citizens of Estonia.
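SQL injection works because user input is concatenated into a query string and the database cannot tell the data from the command. The following is an added example written for this page, not code from the video or from the Estonian system: it builds a constructed in-memory patients table with Python's `sqlite3`, shows a lookup that builds the query by string formatting (vulnerable), the same lookup with a parameterized query (the fix), and a further version that also validates the expected shape of the identifier before the query runs. The table, records and function names are all constructed for the example.

```python
"""SQL injection: vulnerable lookup beside its parameterized fix (added example)."""
import sqlite3


def build_db() -> sqlite3.Connection:
    """Create a constructed in-memory health database with a few records."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE patients (id TEXT PRIMARY KEY, name TEXT, diagnosis TEXT)")
    conn.executemany(
        "INSERT INTO patients VALUES (?, ?, ?)",
        [
            ("1001", "Alice", "constructed record A"),
            ("1002", "Bob", "constructed record B"),
            ("1003", "Carol", "constructed record C"),
        ],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, patient_id: str) -> list:
    """VULNERABLE: the caller's input is pasted straight into the SQL text.

    Anything the caller supplies becomes part of the statement, so a value
    containing a quote character can change the WHERE clause itself.
    """
    query = f"SELECT id, name FROM patients WHERE id = '{patient_id}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn: sqlite3.Connection, patient_id: str) -> list:
    """FIXED: a parameterized query; the driver sends the value as data, never as SQL."""
    return conn.execute(
        "SELECT id, name FROM patients WHERE id = ?", (patient_id,)
    ).fetchall()


def lookup_hardened(conn: sqlite3.Connection, patient_id: str) -> list:
    """Parameterized query plus input validation as defense in depth.

    Patient ids in this constructed schema are numeric, so anything else is
    rejected before the database is ever consulted.
    """
    if not patient_id.isdigit():
        raise ValueError("patient id must be numeric")
    return lookup_safe(conn, patient_id)


if __name__ == "__main__":
    db = build_db()
    # A normal lookup behaves the same in both versions.
    print("vulnerable, normal input:", lookup_vulnerable(db, "1001"))
    print("safe, normal input:     ", lookup_safe(db, "1001"))
    # A crafted value turns the vulnerable WHERE clause into "id = '' OR '1'='1'",
    # which matches every row; the parameterized version matches nothing.
    crafted = "' OR '1'='1"
    print("vulnerable, crafted:", lookup_vulnerable(db, crafted))
    print("safe, crafted:      ", lookup_safe(db, crafted))
```

The parameterized version is the actual fix; escaping or filtering characters is not a substitute for it. The validation in `lookup_hardened` is worth keeping as well, because it also gives you a clean point at which to log and alert on malformed identifiers, which is often the first visible sign that someone is probing the application.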