When talking about the attacks and threats users must face every day, people often highlight those that are more or less predictable, such as malicious archives sent as email attachments. Even though these threats are still very present (e.g. in the different ransomware variants), cybercriminals also use many other attack vectors. Some of the most dangerous are those that involve scripts, since they are difficult for users to detect.
How does a malicious script work?
Malicious scripts are code fragments that can be hidden in otherwise legitimate websites, whose security has been compromised. They are perfect bait for victims, who tend not to be suspicious because they are visiting a trusted site. Therefore, cybercriminals can execute malicious code on the users’ systems by exploiting some of the multiple vulnerabilities in the browsers, in the system itself, or in third-party applications.
If we take a look at recent examples, we will see that cybercriminals have been using well-knownexploit kits for years to automate these infection processes. Their operation is relatively simple – they compromise the security of a legitimate website (or else create a malicious website and then redirect the users to it from other locations), and install any of the existing exploit kits. From then on,detection and exploitation of vulnerabilities in the systems of users visiting that website can be automated.
This can be seen in malvertising campaigns, where ads displayed on compromised websites have malicious code embedded in them. If accessed, they would allow cybercriminals to gain control of a device and launch attacks.
The reason why the execution of such code is accomplished automatically and without user intervention has much to do with the permissions that are granted during system configuration. Even today, the number of user accounts with administrator rights on Windows systems is still overwhelming, and this is totally unnecessary in most situations of everyday life.
This, together with the poor configuration of any of the security measures integrated to the Windows system itself, such as the UAC, enables the vast majority of these malicious scripts to operate unimpeded in hundreds of thousands of computers every day.
If only the users would set up this security feature at a medium/high security level, many of these infections could be avoided, provided that users are aware of the importance of reading the alert windows displayed by the system instead of making the mistake of closing them or, worse yet, clicking on the “OK” button.
How to protect yourself from malicious scripts
We know that malicious scripts have been used by cybercriminals for years to spread all kinds of threats like trojans, ransomware, or bots. However, at present there are adequate security measures available to – at least – mitigate the impact of these attacks. The only thing you need to do is set up the security measures that can protect you against these types of attacks and think before you click.
by Josep Albors, ESET We Live Security