How an Attacker Hacks You and What You & That Company Can Do About It!

A hacker's most probable first attempt to get your credentials is to perform an MITM (Man In The Middle) attack.

In such situations, the hacker places himself between you and your router by spoofing the MAC address of the router, so that your traffic goes through the attacker's computer.

That said, there is little you can do about it other than paying attention, RIGHT NOW, to the details I am going to explain below.

As many posts on the internet and social media channels have explained, HTTP is NOT secure.

But what is that? How can I tell?

For example, when you go to LinkedIn by typing it in your address bar (entering URLs directly in the address bar is always the best choice, more on this later), you can see whether the page is Secure. If it is not, do not think twice: leave that page and inform your IT Administrator, with a screenshot.

[Screenshot 2019-05-17 12:10:02]

This site should not show 'Not Secure', and the same goes for almost every webpage on the internet nowadays.

If you log in on an HTTP site, even though it says 'Not Secure', a hacker fetches your credentials, because his MITM program is the one delivering the login form to you and receiving your form submission.

[Screenshot 2019-05-17 12:11:38]

When you go to Google and the webpage loads over HTTP, marked "Not Secure", you are most likely the victim of an MITM attack.

Where you can go wrong is if you get a page like this:

[Screenshot 2019-05-17 12:13:31]

and you then perform a Google search for your cloud service (e.g. LinkedIn, your company website, etc.). The attacker screens your search results and replaces every HTTPS link with HTTP or with a DNS-spoofed address, from which he can fetch the credentials you enter, as in the example above.

The next image shows how NOT to reach your cloud service provider, such as Facebook, your company website, etc.

[Screenshot 2019-05-17 12:13:49]

Countermeasures: client

If you visit a page directly from the URL address bar, and HSTS is enabled for that organisation, this attack would not work (more details on this later, for companies).

[Screenshot 2019-05-17 12:12:55]

Countermeasures: developer / company

Follow the guidance here:

https://www.globalsign.com/en/blog/what-is-hsts-and-how-do-i-use-it/

The examples there provide guidance on how to implement HSTS on:

  • Apache
  • Lighttpd
  • Nginx
  • IIS Server

Then submit your website on this page:

https://hstspreload.org/

You can check the status on that page after submission to see whether it has been processed.

After that, go to the following page and check your TLS and HSTS settings. I won't be covering TLS settings, but they might be an issue for you if you have never bothered to check them.
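To make the two countermeasures concrete, here is an added example (my own code, not from the original post or from hstspreload.org) that models both sides: how a browser that has remembered an HSTS policy upgrades a typed `http://` URL to `https://` before any request leaves the machine, and a check of a `Strict-Transport-Security` header value against the hstspreload.org submission requirements (max-age of at least one year, includeSubDomains, preload). The header values and host names are constructed sample input; the preload list's other requirements (an HTTP-to-HTTPS redirect and a valid certificate on every subdomain) are not modelled here.

```python
"""
Added example, not part of the original post: a toy HSTS-aware client plus a
checker for the Strict-Transport-Security header directives that
hstspreload.org requires.  All header values and hosts below are constructed.
"""
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit, urlunsplit

# hstspreload.org requires a max-age of at least one year (in seconds).
PRELOAD_MIN_MAX_AGE = 31_536_000


@dataclass
class HstsPolicy:
    max_age: int
    include_subdomains: bool
    preload: bool


def parse_hsts(header: str) -> Optional[HstsPolicy]:
    """Parse a Strict-Transport-Security value; return None when it is invalid."""
    max_age = None
    include_subdomains = False
    preload = False
    for directive in header.split(";"):
        directive = directive.strip()
        if not directive:
            continue
        name, _, value = directive.partition("=")
        name = name.strip().lower()
        value = value.strip().strip('"')
        if name == "max-age":
            if not value.isdigit():      # RFC 6797: a non-negative integer
                return None
            max_age = int(value)
        elif name == "includesubdomains":
            include_subdomains = True
        elif name == "preload":
            preload = True
    if max_age is None:                  # max-age is mandatory
        return None
    return HstsPolicy(max_age, include_subdomains, preload)


def preload_problems(header: str) -> list[str]:
    """Reasons hstspreload.org would reject this header; an empty list means OK."""
    policy = parse_hsts(header)
    if policy is None:
        return ["header missing or malformed (max-age is required)"]
    problems = []
    if policy.max_age < PRELOAD_MIN_MAX_AGE:
        problems.append(f"max-age {policy.max_age} is below {PRELOAD_MIN_MAX_AGE}")
    if not policy.include_subdomains:
        problems.append("includeSubDomains directive is missing")
    if not policy.preload:
        problems.append("preload directive is missing")
    return problems


class HstsAwareClient:
    """Toy browser: remembers HSTS hosts and never fetches them over plain HTTP."""

    def __init__(self) -> None:
        self.known_hosts: dict[str, HstsPolicy] = {}

    def remember(self, host: str, header: str) -> None:
        """Store the policy a host sent; max-age=0 (or an invalid header) clears it."""
        policy = parse_hsts(header)
        if policy is not None and policy.max_age > 0:
            self.known_hosts[host.lower()] = policy
        else:
            self.known_hosts.pop(host.lower(), None)

    def is_covered(self, host: str) -> bool:
        host = host.lower()
        if host in self.known_hosts:
            return True
        # includeSubDomains lets login.example.com inherit example.com's policy.
        return any(host.endswith("." + h) and p.include_subdomains
                   for h, p in self.known_hosts.items())

    def navigate(self, url: str) -> str:
        """Return the URL that is actually fetched: http:// is upgraded for covered hosts."""
        parts = urlsplit(url)
        if parts.scheme == "http" and self.is_covered(parts.hostname or ""):
            return urlunsplit(("https",) + tuple(parts[1:]))
        return url


if __name__ == "__main__":
    GOOD = "max-age=63072000; includeSubDomains; preload"   # constructed value
    WEAK = "max-age=300"                                    # constructed value
    client = HstsAwareClient()
    client.remember("example.com", GOOD)                    # example.com is a placeholder
    print(client.navigate("http://login.example.com/auth")) # upgraded to https
    print(client.navigate("http://other.test/"))            # not covered, unchanged
    print(preload_problems(WEAK))                           # three reasons for rejection
```

The point of the client half is the one made above for typing the URL directly: once a host's policy is stored, an `http://` URL never reaches the network, so there is nothing for the MITM to intercept or downgrade. The checker half is what you would run on your own server's header before submitting to hstspreload.org.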

Testing for compliance:

BE SURE TO HIDE THE RESULTS from others, since you don't want to expose details of your webpage to unknown parties.

https://www.immuniweb.com/ssl/

[Screenshot 2019-05-17 12:37:11]