When you download an app, use a website, hire an employee, or install software, you implicitly express your trust in that product, company, or individual. Unfortunately, trust is not always well placed, and anything from a company offering services to your business to a program online may violate that trust. When malware poses as an entity or thing which you trust and have given permission to access your computer or servers, it is known as an abuse of trust attack. When a person, company, or thing abuses access privileges, it is known as an abuse of privilege attack.
In these attacks hackers prey on your desire for quality software, on your trust of existing programs, or on your actual trust to make their way past your defenses to steal data.
Abuse of Privilege Attacks
Abuse of privilege attacks include any attack in which a person, company, or organization abuses the access privileges you have given them in order to steal data. This abuse of trust results in someone using valid login credentials to access data that they shouldn’t, or to access and distribute data against your wishes.
Abuse of privilege attacks can happen as an inside attack (disgruntled employee), outside attack (hacker obtains your login credentials), or through a company that you are working with. For example, if you are using a cloud service, and the cloud service is compromised, someone could access your data and information.
Abuse of privilege attacks are difficult to protect against, but you can work to defend yourself by choosing trading and technological partners wisely, vetting employees, and carefully controlling who has access to critical information.
Abuse of Trust Attacks
Abuse of trust attacks can be divided into multiple categories, and your business may be vulnerable to any of them.
Malicious Advertising – Malicious Advertising or Malvertising happens when hackers infiltrate ads on your site, or someone else’s, infecting computers that visit the site. Sites that have been hit by malvertising include YouTube, Amazon, and many more.
Signed Malware – Signed Malware refers to malware that has acquired a certificate from a Certificate Authority (CA), either by claiming to be part of an established brand or pretending to be a legitimate company. Because many computers automatically trust CAs, these malware programs can sneak past your defenses.
Copycat Attacks – In some cases, hackers will duplicate existing programs and create a copycat loaded with malware. When you download the program, your computer, workstations, or servers are infected. For this reason, you should only download programs from official websites.
DLL Sideloading – Some hackers will attack trusted applications on your computer or servers. The hacker can then send a DLL file to the application, causing it to download malware.
Man in the Middle (MiTM) – Some applications must connect to other networks and websites to retrieve data for you to use. A MiTM attack happens when a hacker attacks the connection point, so that your software either retrieves malware, shares data it shouldn’t, or enables the malware to access your business network.
Abuse of trust attacks work to steal data, infect computers, and infiltrate networks to ransom data, find confidential information, or spread the malware to other computers. In most cases, the intent is to steal confidential data such as credit card information, intellectual property, or other saleable data.
4 Steps to Protect Yourself from Abuse of Trust Attacks
Abuse of trust attacks can be outside of your control, but you can take steps to minimize your risks, reduce attacks, and reduce damage from attacks.
- Use a Firewall – Firewalls will protect you from a great many abuse of trust attacks. If you have a quality firewall, you can dynamically white-list individual sites and applications that can access your files and servers. This effectively stops programs like BERserk, which forges signatures, as well as malvertising and other similar abuse of trust attacks.
- Verify File Reputation – If you cannot download a file or program from the official website, you shouldn’t download it at all, especially not onto your business network. If you’re downloading a new program from a company you aren’t familiar with, you should also take the time to verify their legitimacy and quality before downloading.
- Use Antivirus – A quality antivirus with real-time scanning may be able to stop and prevent copycat applications, DLL sideloading, and other types of abuse of trust attacks as they happen.
- Educate Employees – Take the time to educate employees so they are aware of risks, know best practices for file and program safety, and do not download programs or files from email.
  - Any redirect from a well-known site to an unknown site is likely to be harmful.
  - Applications and files sent via email should always be scanned with an antivirus program before opening. Emails with attachments from unknown and unexpected senders should not be opened.
  - Files should only be downloaded from official sites.
  - Antivirus and firewall programs should be running at all times and with the most current version in use.
  - Work computers should not be used to access the internet or unnecessary applications.
Protecting yourself from abuse of trust and abuse of privilege attacks largely means adopting strong security policies, educating employees, and using antivirus and anti-malware programs to protect your computers. Unfortunately, because an abuse of privilege attack does sometimes mean that people, applications, and things you trust will be compromised, there is no way to completely rule out this type of attack. For this reason, you should develop security measures to protect your data in case of a breach, reduce risks in case of malware on your computer, and create policies for mitigating risks in case the worst happens.
Abuse of trust attacks cannot be stopped completely, but you can work to reduce your risks. A Threat Sketch Risk Assessment will help you to identify your highest priorities, so you can allocate your budget and make the best decisions for your business. Visit our education page to learn more about cyber security and how to combat risks faced by your business.
About the Author: Brandy Cross is a freelance writer specializing in technology and marketing solutions for SMBs, with experience writing for everyone from startups to Fortune 500s.