The year 2020 has witnessed a shift in the digital ecosystem as major number of employees have taken a turn towards working from home. Thus, most organizational networks are now being accessed remotely by employees sitting at diverse locations spanning across the globe. This has given rise to new opportunities for hackers who are exploring different techniques to disrupt the vulnerable networks.
Here is a list of popular modern hacking techniques:
- H2C Smuggling: H2C stands for HTTP/2 cleartext. These attacks abuse H2C unaware front-ends to create a tunnel to backend systems. This enables the attackers to bypass frontend rewrite rules and exploit internal HTTP headers.
- Portable Data exFiltration: Cross Site Scripting (XSS) attacks are extensively being used to compromise data stored in PDF files and exfiltrate it to a remote server. The rate of these attacks has extensively increased with the increasing popularity of server-side PDF generation such as generation of e-tickets, boarding passes, etc. These PDF documents often contain sensitive information including bank details, passport numbers, addresses, and other personal data. In this attack, a malicious injection vector is injected into the PDF. When a user clicks on the link or anywhere in the PDF, the hacker can extract all the sensitive information entered by the user.
- TLS Attacks: Exploiting features of TLS (Transport Layer Security) makes it possible to land Server Side Request Forgery attacks. The attack technique involves exploiting technologies involved with TLS session caching. The hacker can manipulate the session to send a TLS session ID ticket or psk (pre-shared key) identity to his server.
- NAT Slipstreaming: NAT slipstreaming exploits the victim’s browser in conjunction with the Application Level Gateway (ALG) connection tracking mechanism built into NATs, routers, and firewalls. This is done by chaining internal IP extraction via timing attack or WebRTC, automated remote MTU and IP fragmentation discovery, protocol confusion through browser abuse, etc. As the destination ports are opened by NAT or firewall, this helps in bypassing any browser-based port restrictions.
Understanding of the hacking techniques is essential to formulate effective prevention strategy against modern hacking attacks. An effective prevention strategy is important to ensure the safety of organization’s network and individual user systems. A loophole in the cyber security strategy can cause major losses in terms of stolen data, user information, business secrets, etc.
For more information on popular modern hacking techniques, call Centex Technologies at (972) 375 - 9654.