Malware Data Theft will ‘APPen’

As applications drive business, more and more valuable data is accessed and exchanged through them. And so cybercriminals attempt to compromise apps with schemes like social engineering, credit card fraud and selling corporate intellectual property, all intended to generate increasing returns. In a world of different types of criminals with varying skill levels, time commitments, resources, and specialisations, there’s only one constant: attackers have their eyes set firmly on apps and the data behind them. And they’re using malware to steal it.

Malware is a general term that includes any piece of malicious software designed to pose a threat to users. Here are some of the ways cybercriminals use it to compromise the integrity of applications and steal private data:

  • Bot site scraping
    Attackers use autonomous programs for malicious purposes. For example, a bot can duplicate a website, which can then be scanned for pricing information (which helps competitors), for intellectual property such as videos or PDFs, or for email addresses or usernames that are sometimes hidden in web code. It can also be scanned for logos or graphics, which could help an attacker design a realistic phishing site.
  • Credential stuffing
    Here, cybercriminals use stolen login usernames and passwords to make repeated attempts to gain access to accounts held by corporate users or customers. The success of these attacks is fuelled by password reuse across multiple accounts.
  • Content injection
    These attacks happen when a cybercriminal eavesdrops on, intercepts, or alters communication between two parties without either of them knowing. Without the guarantee of encryption provided by HTTPS, users can’t ever be sure that the page they’re looking at (and entering data into) is the page they think it is. Cybercriminals also employ clickjacking (hiding malicious links under legitimate content) to perpetrate banner-ad fraud or trick users into installing malware.
  • Malware ‘Man In The Middle’ attacks
    In this specialised attack, a user infected with malware browses a site. The malware recognises the URL as one it wants to steal credentials from and injects malicious JavaScript, which functions much like content injection, but at the software level. The injected script then redirects the session to a fake page that collects the user’s username and password.

After they steal data from applications, criminals turn their sights to profiting from that data. Sometimes the scheme is as straightforward as stealing bank account credentials and draining the account or using ransomware to extort a payment from a business or individual. However, cybercriminals also sell the intellectual property, user IDs, and email addresses to other criminals or to unknown users on darknet forums.

Protecting organisations from malware with a layered defence

As technology continues to evolve, so will the scams that cybercriminals use to make money. While there’s no single thing that can prevent these kinds of attacks, a layered defence strategy can help dramatically reduce vulnerability to malware.

  • Strong authentication
    Since credentials are almost always the target of malware attacks, strong authentication can help keep users’ identities secure and organisational data safe.
  • Fraud monitoring
    This employs a combination of machine-based analysis and human experts who evaluate the behaviour of accounts that can’t be classified as either definitively bad or good through machine learning.
  • Web application firewall
    A robust web application firewall can stop bots from scraping sites, protecting intellectual property and decreasing the chances of a successful phishing campaign. It can detect and stop brute force and credential stuffing attacks. It can also identify and block browser session hijacking attacks and prevent the execution of fraudulent transactions.
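
To make the difference between brute force and credential stuffing concrete, here is an added example (not taken from the F5 paper or any product) of how login failures can be grouped per source to tell the two apart and to list accounts that need a password reset. The log format, thresholds, labels and the `classify_sources` name are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample log, one login attempt per line: timestamp, source IP, username, result.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 203.0.113.7 alice FAIL
2024-05-01T10:00:02Z 203.0.113.7 bruno FAIL
2024-05-01T10:00:03Z 203.0.113.7 chen FAIL
2024-05-01T10:00:04Z 203.0.113.7 dana FAIL
2024-05-01T10:00:05Z 203.0.113.7 emeka FAIL
2024-05-01T10:00:06Z 203.0.113.7 farah OK
2024-05-01T10:00:07Z 203.0.113.7 gil FAIL
2024-05-01T10:01:01Z 198.51.100.9 admin FAIL
2024-05-01T10:01:02Z 198.51.100.9 admin FAIL
2024-05-01T10:01:03Z 198.51.100.9 admin FAIL
2024-05-01T10:01:04Z 198.51.100.9 admin FAIL
2024-05-01T10:01:05Z 198.51.100.9 admin FAIL
2024-05-01T10:02:01Z 192.0.2.4 hana FAIL
2024-05-01T10:02:09Z 192.0.2.4 hana OK
"""


def classify_sources(log_text, min_failures=5, stuffing_ratio=0.8):
    """Label each source IP with >= min_failures failed logins; list accounts it got into."""
    failed, succeeded = defaultdict(list), defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        _ts, ip, user, result = parts
        if result == "FAIL":
            failed[ip].append(user)
        elif result == "OK":
            succeeded[ip].add(user)
    verdicts = {}
    for ip, users in failed.items():
        if len(users) < min_failures:
            continue  # a user mistyping a password stays below the threshold
        distinct = len(set(users))
        if distinct == 1:
            label = "brute_force"  # many guesses against one account
        elif distinct / len(users) >= stuffing_ratio:
            label = "credential_stuffing"  # a try or two each across many accounts
        else:
            label = "mixed"
        verdicts[ip] = {"label": label, "accounts_to_reset": sorted(succeeded[ip])}
    return verdicts
```

A successful login from a source labelled `credential_stuffing` is the password-reuse case described above, which is why those accounts are returned for reset rather than ignored.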

So in this rapidly changing app-centric world, complexity is the order of the day. Siloed threats mitigated by point solutions are long gone. With apps being delivered from anywhere and everywhere – including data centres, private and public clouds, containers, and SaaS platforms – adopting an integrated approach to security is critical to protecting infrastructure, applications, and data. We partner with F5 as leaders in the application services industry that pride themselves on their ability to make applications available anywhere, any time and on any device.

‘Malware Data Theft will ‘APPen’ excerpts taken from the F5 paper entitled ‘How malware can steal your data and what you can do to stop it’.
