Cyber Jacking [Attack Types]



Introduction

A quicklist of cyber & tech related jacking terms.

Jacking – A street robbery, Stealing

CyberJacking

Usually refers to someone hacking an airplane. Companies state it’s difficult, even impossible, but we have all got used to the fact that anything man has built on this planet ends up imperfect, exploitable, etc. There’s always a way; it’s just a question of someone’s dedication.

This term is somewhat related to hacking a drone, so we can assume that this term covers hacking anything that flies.

IJacking

Identity theft. A situation in which an attacker obtains someone’s personal information, bank statements, social security number or credit card numbers, usually for financial gain.

ClickJacking

Most of us surfing/internet junkies have had a situation in which we clicked on something that led to unexpected things happening (mostly related to ads, but there were suspicious redirections too), which consequently turned on panic mode.

ClickJacking tricks users into performing an action they didn’t intend to perform, frequently by rendering an invisible page element on top of the action the user thinks they’re performing. Sensitive information might be revealed, malware could be downloaded, malicious links could be opened; in any case, nothing good can come of it.

There are a couple of variations of this attack:

  • Likejacking
  • Cursorjacking
  • CookieJacking
  • FileJacking
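
A defender-side check for the overlay technique described above, added here as an example (not code from the original article): it reads a response's `Content-Security-Policy` and `X-Frame-Options` headers and lists the pages any site could load in a frame. The paths and hosts in `SAMPLE_RESPONSES` are constructed.

```javascript
// Classify who may frame a response, based on its headers.
function framingPolicy(headers) {
  // Header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);

  // CSP frame-ancestors overrides X-Frame-Options when both are present.
  for (const directive of (h['content-security-policy'] || '').split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() !== 'frame-ancestors') continue;
    const src = sources.map((s) => s.toLowerCase());
    // An empty source list behaves like 'none'.
    if (src.length === 0 || (src.length === 1 && src[0] === "'none'")) {
      return { framable: 'nobody', via: 'csp' };
    }
    // "*", a bare scheme ("https:") or "https://*" lets any site frame the page.
    if (src.some((s) => /^([a-z][a-z0-9+.-]*:(\/\/\*)?|\*)$/.test(s))) {
      return { framable: 'anyone', via: 'csp' };
    }
    if (src.every((s) => s === "'self'")) return { framable: 'same-origin', via: 'csp' };
    return { framable: 'allow-list', via: 'csp', sources: src };
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return { framable: 'nobody', via: 'x-frame-options' };
  if (xfo === 'SAMEORIGIN') return { framable: 'same-origin', via: 'x-frame-options' };
  // ALLOW-FROM is obsolete and ignored by current browsers: treat it as no protection.
  return { framable: 'anyone', via: 'none' };
}

// Constructed sample responses (not taken from any real site).
const SAMPLE_RESPONSES = {
  '/login': { 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'" },
  '/widget': { 'Content-Security-Policy': "frame-ancestors 'self' https://partner.example" },
  '/legacy': { 'X-Frame-Options': 'ALLOW-FROM https://partner.example' },
  '/account': { 'X-Frame-Options': 'sameorigin' },
  '/pay': { 'Content-Security-Policy': 'frame-ancestors https:', 'X-Frame-Options': 'DENY' },
};

// Pages that an invisible overlay could be built on top of.
function clickjackable(responses) {
  return Object.keys(responses).filter((p) => framingPolicy(responses[p]).framable === 'anyone');
}

console.log(clickjackable(SAMPLE_RESPONSES));
```

Note that `/pay` is reported even though it sends `X-Frame-Options: DENY`, because the permissive `frame-ancestors https:` takes precedence.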

CryptoJacking

To most ambitious ones, this revives some memories, for others this is probably one thing you planned to do/test but never had time to do it. We’re not going to consider victim’s perspective here. People don’t utilize their devices much (in general) and aside from CPU cooler making a bit more noise than usual or their battery dying faster than before, no harm is done 🙂

Joking aside, CryptoJacking is the unauthorized use of someone else’s computer, tablet, mobile phone or connected device to mine cryptocurrency. Simple as that.

A great example was CoinHive, a service that allowed clients’ browsers to be used to mine cryptocurrency (via a small piece of code placed on websites). It was closed in March 2019.

This attack is still at the very top of the global malware threats list.

WebJacking

What Webjacking is remains debatable. Some consider it to be a website takeover (taking control and changing the content, or redirecting users to an attacker’s website); others simply state that it’s a clone of some other website. Whatever definition you accept, both usually include some malicious activity.

FormJacking

In short, it’s the use of malicious JS code to steal data from payment forms on checkout web pages (user info, credit card details, etc.).

MageCart is a name frequently tied to FormJacking. It’s an organization or a cluster of smaller groups, that is believed to be behind many of the most high-profile formjacking attacks.

Attackers need to modify JS in order to conduct this attack. They either find access to your website or go for third-party vendors (especially if they’re easier targets). Third-party services are often used by many websites, and modifications to them are more difficult to detect, so they’re definitely the preferred targets. That’s the same attack MageCart attackers used to steal the data of 385k passengers (CC, transactions, personal details, etc.) from the British Airways website. It took 2 weeks to detect the breach.

With access gained, the next step is to modify the JS to capture and transmit sensitive data. That can be easily achieved using KeyLogging, Sniffing and, here, FormJacking, in which they replace certain fields so that the form sends information to the attacker’s servers. To try to hide the modifications and data transmissions, attackers turn to script obfuscation and disguise the data transmission as GET/POST requests for some image, etc.
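
One control aimed at exactly this kind of script modification is Subresource Integrity. The following Node.js sketch is an added example, not code from the original article: it lists the scripts a checkout page loads and checks each pinned one against what the host currently serves. The page URL, vendor hosts and script body are constructed, and the `served` map stands in for a real fetch.

```javascript
const crypto = require('node:crypto');

const ALGOS = ['sha256', 'sha384', 'sha512']; // hash algorithms SRI accepts

// SRI value for script content, in the form "<algo>-<base64 digest>".
function sriHash(content, algo = 'sha384') {
  const digest = crypto.createHash(algo).update(content, 'utf8').digest('base64');
  return `${algo}-${digest}`;
}

// Collect external <script> tags and their integrity attributes from page HTML.
function listScripts(html) {
  const scripts = [];
  for (const m of html.matchAll(/<script\b([^>]*)>/gi)) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(m[1]);
    if (!src) continue; // inline script, nothing to pin
    const pin = /\bintegrity\s*=\s*["']([^"']+)["']/i.exec(m[1]);
    scripts.push({ src: src[1], integrity: pin ? pin[1] : null });
  }
  return scripts;
}

// Compare what the page pins with what the script hosts actually serve.
// `served` maps absolute script URL -> body (assumption: filled by a fetch step).
function auditScripts(html, pageUrl, served) {
  return listScripts(html).map(({ src, integrity }) => {
    const url = new URL(src, pageUrl);
    const thirdParty = url.origin !== new URL(pageUrl).origin;
    if (!integrity) return { url: url.href, thirdParty, status: 'unpinned' };
    const body = served[url.href];
    // The attribute may list several hashes; any one matching is enough.
    const ok = body !== undefined && integrity.split(/\s+/).some(
      (v) => ALGOS.includes(v.split('-')[0]) && v === sriHash(body, v.split('-')[0]));
    return { url: url.href, thirdParty, status: ok ? 'ok' : 'mismatch' };
  });
}

// Constructed sample: a checkout page with one pinned and one unpinned vendor script.
const PAGE_URL = 'https://shop.example/checkout';
const VENDOR_JS = 'function formatCard(n) { return n.replace(/\\s+/g, ""); }';
const CHECKOUT_HTML = `
  <script src="/js/cart.js"></script>
  <script src="https://cdn.vendor.example/pay.js" integrity="${sriHash(VENDOR_JS)}" crossorigin="anonymous"></script>
  <script src="https://stats.vendor.example/t.js"></script>`;

const served = { 'https://cdn.vendor.example/pay.js': VENDOR_JS + '\n/* constructed change */' };
console.log(auditScripts(CHECKOUT_HTML, PAGE_URL, served));
```

Any change to the vendor file turns the pinned script into `mismatch`, while the unpinned third-party script stays `unpinned` and would load whatever the vendor host serves.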

JuiceJacking

Not much to say here: JuiceJacking is an attack in which a free/public smartphone charging terminal is used to install malware on your device. When you connect your device to a “rogue” charging station, a hidden device there could upload/execute some malicious code, making your device do anything or simply stealing your private data like contacts, pictures, recent phone/browser history, cookies/sessions, etc.

Wi-Jacking

An attack in which attackers access a neighbor’s WiFi without any form of cracking, relying on credentials saved by the browser, which are reused for the same URL. Certain prerequisites need to be met:

  • active client device on the target network
  • client device has previously connected to any other network (with automatic reconnection)
  • client device is using Chrome or Opera
  • client device has router admin interface credentials remembered by the browser
  • target’s router admin interface has to be configured over unencrypted HTTP

New browser versions have been patched, but it’s an interesting approach, worth mentioning.

ScrollJacking

Scrolljacking is basically an action in which scroll wheel/motion is repurposed for something other than expected behaviour. Not really an attack, but can be used to inflict damage.

BrandJacking / Reputationjacking

BrandJacking is a type of forgery, exploiting the trademarks of well-known companies to trick victims and gain their trust. Examples are fake invoice notifications or requests for account verification.

SideJacking

SideJacking is the process of stealing someone’s access to a website via session cookies (session hijacking), most frequently on unsecured public WiFi connections. The attacker basically sniffs out the packets containing “session cookies” and uses that information to access the victim’s account.

HTTPS/HSTS makes this a bit difficult to execute, but there are still a vast number of sites that don’t use it. Once the user logs out, the session is destroyed (the attacker loses access), so it’s good practice to always log out.
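
The two settings that keep a session cookie off the unencrypted wire can be checked from a login response. This is an added example, not code from the original article: it flags session cookies set without the `Secure` attribute and responses without a usable `Strict-Transport-Security` header. The response objects, cookie names and issue codes are constructed for illustration.

```javascript
// Parse one Set-Cookie header line into { name, attrs } (attribute names lower-cased).
function parseSetCookie(line) {
  const [pair, ...rest] = line.split(';').map((s) => s.trim()).filter(Boolean);
  const attrs = {};
  for (const a of rest) {
    const i = a.indexOf('=');
    attrs[(i < 0 ? a : a.slice(0, i)).toLowerCase()] = i < 0 ? true : a.slice(i + 1);
  }
  return { name: pair.slice(0, pair.indexOf('=')), attrs };
}

// max-age of a Strict-Transport-Security header in seconds, 0 if absent or invalid.
function hstsMaxAge(value) {
  const m = /(?:^|;)\s*max-age\s*=\s*"?(\d+)"?/i.exec(value || '');
  return m ? Number(m[1]) : 0;
}

// Report what leaves the named session cookies exposed to a sniffer on the same network.
function auditSession(res, sessionCookies) {
  const issues = [];
  for (const line of res.setCookie) {
    const c = parseSetCookie(line);
    // Without Secure the browser also attaches the cookie to plain HTTP requests.
    if (sessionCookies.includes(c.name) && !c.attrs.secure) {
      issues.push(`cookie-without-secure:${c.name}`);
    }
  }
  if (new URL(res.url).protocol !== 'https:') issues.push('plain-http');
  // Without HSTS the browser may still make a first request over HTTP.
  else if (hstsMaxAge(res.hsts) === 0) issues.push('no-hsts');
  return issues;
}

// Constructed sample responses: a weak configuration and the corrected one.
const WEAK_LOGIN = {
  url: 'https://portal.example/login',
  hsts: undefined,
  setCookie: ['sid=c2FtcGxl; Path=/; HttpOnly', 'theme=dark; Path=/'],
};
const HARDENED_LOGIN = {
  url: 'https://portal.example/login',
  hsts: 'max-age=31536000; includeSubDomains',
  setCookie: ['sid=c2FtcGxl; Path=/; HttpOnly; Secure; SameSite=Lax', 'theme=dark; Path=/'],
};

console.log(auditSession(WEAK_LOGIN, ['sid']));
console.log(auditSession(HARDENED_LOGIN, ['sid']));
```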

HyperJacking

HyperJacking is an attack in which a hacker takes control over the hypervisor to gain access to VMs and their data.

There are two types of hypervisors:

Type-1, native or bare-metal hypervisors, run directly on the host’s HW to control HW and manage guest OSs.

Type-2, or hosted hypervisors, run on a conventional OS. A guest OS runs as a process on the host, so here we have abstracted guest OSs running on the host OS (VMWare, VirtualBox, etc.).

Rare due to difficulty, but considered as a real-world threat.

PageJacking

PageJacking is basically a process of illegally copying website content/pages to another website in order to direct traffic from the original site to a cloned one. People behind this rely on search engines to index the clones, mixing their pages with those of the original website. Users are deceived into believing that a cloned website is the real one. Further actions might be redirections to unwanted content or worse.

TabJacking / TapJacking / TabNabbing

TabJacking (TabNabbing) is a somewhat confusing term. One definition states that it enables attackers to inject malicious code (worms, trojans) into the tabs of your browser, simply taking control and using them for marketing activities, advertising, etc. Another definition simply states it’s a type of phishing attack in which a tab changes its content after a period of inactivity. For example, a person can open some website in one browser tab and then switch to another. The first tab can detect a period of inactivity and replace its content; for instance, it can now show a Gmail login page. Upon return, inexperienced users might be deceived/tricked and end up entering login credentials (not noticing the URL is not the right one).

TapJacking is the same/similar: deceiving users into clicking/tapping on something they did not intend to click on. For example, screen overlays (TYPE_APPLICATION_OVERLAY) are windows drawn on top of other apps. The user might think he’s interacting with the overlay, but in reality he’s performing actions in the underlying app. This way, the user can be tricked into enabling certain permissions or changing some dangerous settings.

BioJacking [BrainJacking / HeartJacking / BionicJacking]

There are many terms related to hacking an implanted medical device, so it’s best if we merge them all under one term we “invented”, BioJacking. Yes, we’re in that age. The future is here.

Brain neuroimplants are used to treat a wide range of conditions (Parkinson’s, chronic pain, depression, etc.). Wireless communication can potentially be intercepted and implants reprogrammed. Attackers could affect a target’s psychological state or, with some implants, maybe even paralyze them for a while. Applications are endless. An attacker could cause some businessman to make a wrong decision by turning off an implant that manages depression, or could immobilize someone driving a car.

The heart implant flaw (CVE-2019-6538) is that the Conexus wireless protocol has no authentication or authorization, and it doesn’t use any wireless encryption (CVE-2019-6540). Attackers can take control of the communication and potentially configure life-threatening settings on an ICD (Implantable Cardioverter Defibrillator) device. There’s also a privacy issue: an attacker can simply sniff the traffic between cardiac and control devices and learn about the person’s specific condition.

Bionics are constantly being developed; some read muscle impulses, others communicate directly with the brain, and as with the previous situations we mentioned, bionic hacking is a possibility. Attackers could hack a bionic leg, setting it to malfunction when the person is at the top of the stairs, or maybe force a bionic arm to stab the owner when he’s holding a knife in the kitchen.

Unfortunately, medical companies and clinics are not setting a high priority on security, counting on the probability/likelihood of something like that happening and questioning the motives for why someone would do such things. They’ll most certainly work on improvements, but overall, scary s***.

PasteJacking

Pastejacking (Clipboard poisoning) is a method that malicious websites employ to take control of your computer’s clipboard and change its content to something harmful without your knowledge.

The usual example is a situation in which a user copies some terminal commands from a tutorial on a website and pastes them into a local terminal, but along with those commands, malicious commands get copied to the clipboard too. The malicious part gets executed first, the screen gets cleared, and then the copied terminal commands get executed. The user doesn’t see the difference, but in the background, for instance, a meterpreter session has been opened.
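
The signs described above (extra commands, an immediate run on paste, a cleared screen) can be checked before clipboard text ever reaches a shell. This is an added example, not code from the original article; the function name, reason codes and the harmless sample strings are constructed for illustration.

```javascript
// Inspect clipboard text before it is handed to a terminal.
// `visible` is optional: the text the user believes they selected on the page.
function inspectPaste(text, visible) {
  const reasons = [];

  // A CR or LF makes the shell run everything before it as soon as it is pasted.
  if (/[\r\n]/.test(text)) reasons.push('executes-on-paste');

  // More than one non-empty line means additional commands ride along.
  const commands = text.split(/[\r\n]+/).filter((l) => l.trim() !== '');
  if (commands.length > 1) reasons.push('multiple-commands');

  // ESC and other control characters can clear the screen or move the cursor.
  if (/[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]/.test(text)) reasons.push('control-characters');

  // The page showed one thing, the clipboard holds another.
  if (visible !== undefined && text.trim() !== visible.trim()) {
    reasons.push('differs-from-selection');
  }

  // Render control characters visibly so the text can be reviewed safely.
  const preview = text.replace(/[\x00-\x1f\x7f]/g,
    (c) => '\\x' + c.charCodeAt(0).toString(16).padStart(2, '0'));

  return { suspicious: reasons.length > 0, reasons, preview };
}

// Constructed sample: what the tutorial displayed versus what landed on the clipboard.
// The hidden part is a harmless echo followed by the ANSI clear-screen sequence.
const SHOWN = 'ls -la';
const CLIPBOARD = 'echo constructed-hidden-command\n\x1b[2J\x1b[Hls -la\n';

console.log(inspectPaste(CLIPBOARD, SHOWN));
console.log(inspectPaste(SHOWN, SHOWN));
```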

MetaJacking

Attacker stealing the content of another high ranking website’s HTML Meta tags (page description, keywords, etc) in order to place his own website higher in a search engine’s results.

ThreadJacking

The simple act of taking over an email list or discussion thread with a subject unrelated to the original posting.

MouseJacking

Exploiting wireless, non-Bluetooth keyboards and mice to take control over the victim’s computer. Can be used to perform malicious activities: typing arbitrary text, sending commands, sniffing, etc.

TrendJacking / NewsJacking / DateJacking

TrendJacking/NewsJacking is basically attention hijacking: taking advantage of current events and news stories in order to promote one’s idea, product or brand by injecting them into one’s news and reports.

Compared to dynamic nature of NewsJacking, DateJacking is similar, but it focuses on well known, popular, celebrated events and dates. It definitely provides enough time to prepare the content and strategy.

DataJacking

DataJacking is a trend of going after corporate data in production environments. It can definitely be categorized as a type of ransomware.

Conclusion

Well, there are many ways you can get/end up “jacked”. Now that you know that everything might not be as it seems to be, question things, question devices, question sources or behaviours, try not to be a victim.