The 10 sneakiest hacker attacks

Malware capable of sneaking past your defenses is the Holy Grail of the criminal world. Know your enemy. Here are the 10 sneakiest ways hackers breach your stronghold.

Cunning cybercriminals

When it comes to malware, we live in scary times. Each day brings another tale of hackers breaching networks loaded with private customer data. The public has become so desensitized that it shrugs at the news of ten million records stolen or a company’s private emails being leaked onto the internet.

As security professionals, we can’t live -- 24/7 -- in fear of an unseen enemy.

What we can do is secure our stronghold. Early detection can stop a malware attack before headline-worthy damage occurs. Most attacks begin in one of two easy-to-secure ways: social engineering or unpatched software.

But malware can be exceptionally hard to detect as hackers strive to be more and more stealthy. Here are the world’s 10 stealthiest malware programs.

PowerShell malware

Microsoft intended its PowerShell scripting language to be a flexible tool for remote management of Windows and Active Directory. It is great for automating routine tasks and remotely controlling lots of computers. Hackers love it for how difficult it is to detect when used maliciously.

Hacking with PowerShell has quickly gone from proof-of-concept programs created by researchers to the tool of choice for bad guys. Lately, it is the rare enterprise attack that doesn’t involve PowerShell. Usually, most of the code is carefully obfuscated to prevent detection.

Two popular PowerShell toolkits are PowerSploit and PowerShell Empire. They are advertised for legitimate penetration testing but are a hacker’s tool of choice. There are ways to defend against them -- such as allowing only legitimately signed scripts -- but often enterprises wait until it’s too late.
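One concrete form of the signed-scripts defense mentioned above, added here as an example and not taken from the article: it requires Authenticode signatures machine-wide, turns on script block logging so obfuscated code is recorded after it is de-obfuscated, and reports scripts that are unsigned or do not chain to a trusted publisher. Assumes PowerShell 5.1 or later run as an administrator; the directory `C:\Scripts` is a placeholder.

```powershell
# Added example (not from the article): audit the signed-scripts defense
# on a Windows host. Assumes PowerShell 5.1+ run with admin rights.

# 1. Require Authenticode signatures for every script, machine-wide.
#    Caveat: execution policy is a safety rail, not a security boundary;
#    it can be overridden per process, so pair it with the logging below
#    (and with AppLocker/WDAC where available).
Set-ExecutionPolicy -ExecutionPolicy AllSigned -Scope LocalMachine -Force

# 2. Turn on script block logging. De-obfuscated script blocks land as
#    Event ID 4104 in Microsoft-Windows-PowerShell/Operational.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
New-Item -Path $key -Force | Out-Null
Set-ItemProperty -Path $key -Name EnableScriptBlockLogging -Value 1 -Type DWord

# 3. Report scripts under a directory whose signature is missing, broken,
#    or signed by a certificate the machine does not trust.
function Get-UntrustedScript {
    param([Parameter(Mandatory)][string]$Path)
    Get-ChildItem -Path $Path -Recurse -Include *.ps1, *.psm1 -File |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            # Status is Valid only when the hash matches and the chain is trusted;
            # NotSigned, HashMismatch and UnknownError all need a look.
            if ($sig.Status -ne 'Valid') {
                [pscustomobject]@{
                    Script = $_.FullName
                    Status = $sig.Status
                    Signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<none>' }
                }
            }
        }
}

# 'C:\Scripts' is a placeholder for the directory your scripts live in.
Get-UntrustedScript -Path 'C:\Scripts' | Format-Table -AutoSize
```

A HashMismatch result on a script you know was signed means the file was altered after signing, which is exactly the tampering the policy exists to catch.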

Malware in new devices or software

No one expects a new phone, computer, or software program to be infected, but it happens. And it doesn’t discriminate against popular companies. Malware ends up in the world’s biggest products, including Apple’s and Microsoft’s. It arrives on compact flash memory, USB keys, network devices, and smartphones. Even digital picture frames aren’t safe. Microsoft once discovered that 20% of brand new PCs sold in China contained malware.

How does it happen? Sometimes malware is accidentally installed by a manufacturer who was infected and didn’t know it. Other times rogue employees deliberately infect products. Sometimes it’s added by a contractor before the device gets back to the vendor. However it gets there, the customer ends up with an exploited device right out of the box.

Malware on the wireless router

Wireless routers are the great frontier for hackers. They are, essentially, minicomputers, which can be updated over the air with custom code. Even better, many run easy-to-exploit code or are protected only by default passwords. Hackers have long taken advantage of the weak security on routers. But this has gotten easier with tools that automatically search the Internet for victims.

Hackers hack routers to steal financial information traveling over the wireless network or to harvest the router’s processing power for their own purposes -- or those of anyone who pays them.

This latter avenue of attack can make a slave of any vulnerable Internet-connected device. The most popular IoT malware program -- Mirai -- is used by hackers to enslave huge botnets of home Internet appliances that conduct massive DDoS attacks.

Task Scheduler malware

Most Microsoft Task Scheduler jobs running on a Windows PC are a total mystery to most people. There might be dozens of legitimate jobs running at any time, and deleting the wrong one can create huge problems. But determining which jobs are necessary, which are unnecessary, and which are downright malicious is difficult and time consuming.

Malware writers take full advantage of this confusion.

Malware that installs itself as a Task Scheduler job often gets elevated credentials, which is bad. Even worse, though, the job can redownload the malware after your anti-malware scanner has cleaned it out. In fact, the most distinct symptom of a Task Scheduler infection is a rogue program that persists despite your efforts at clean up. Having an incredibly hard time removing a malware program? Check Task Scheduler.
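A triage check for the persistence pattern just described, added here as an example and not part of the article: it lists enabled scheduled tasks whose command line pairs a scripting host with suspicious arguments, runs from a user-writable path, or runs elevated under a non-Microsoft author. Assumes PowerShell 5.1 or later on Windows 8 / Server 2012 or newer, run as an administrator so every task is visible; the pattern lists are my assumptions, a starting point for review rather than a definitive signature.

```powershell
# Added example (not from the article): triage Task Scheduler jobs for the
# redownload-and-persist pattern. Assumes PS 5.1+ and the ScheduledTasks
# module (Windows 8 / Server 2012+), run as admin.

# Assumed patterns: legitimate in some jobs, worth a human look when combined.
$riskyExe  = 'powershell|pwsh|cmd\.exe|wscript|cscript|mshta|rundll32|regsvr32|certutil|bitsadmin'
$riskyArgs = '-enc|encodedcommand|downloadstring|invoke-expression|iex|frombase64string|hidden|bypass'
$writable  = '\\Users\\|\\Temp\\|\\AppData\\|\\ProgramData\\|\\Public\\'

function Get-SuspiciousScheduledTask {
    Get-ScheduledTask | Where-Object { $_.State -ne 'Disabled' } | ForEach-Object {
        $task = $_
        foreach ($action in $task.Actions) {
            # Only Exec actions carry a command line; COM-handler actions are skipped.
            if (-not $action.Execute) { continue }
            $cmd = "$($action.Execute) $($action.Arguments)"
            $reasons = @()
            if ($action.Execute -match $riskyExe -and $action.Arguments -match $riskyArgs) {
                $reasons += 'scripting host with suspicious arguments'
            }
            if ($cmd -match $writable) { $reasons += 'runs from a user-writable path' }
            if ($task.Principal.RunLevel -eq 'Highest' -and $task.Author -notmatch 'Microsoft') {
                $reasons += 'elevated, non-Microsoft author'
            }
            if ($reasons) {
                [pscustomobject]@{
                    Task    = "$($task.TaskPath)$($task.TaskName)"
                    Author  = $task.Author
                    Command = $cmd
                    Reasons = ($reasons -join '; ')
                }
            }
        }
    }
}

# Review the hits before deleting anything; deleting the wrong job breaks things.
Get-SuspiciousScheduledTask | Format-List

# Once a task is confirmed malicious, removing it stops the redownload loop:
# Unregister-ScheduledTask -TaskPath '\' -TaskName '<task name>' -Confirm:$false
```

Clean the dropped file and the task in the same session; removing only the file leaves the trigger in place, which is the symptom the article describes.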

The hazards of trusting digital certificates

Hackers love to take advantage of the extra trust we give digital certificates by exploiting them whenever possible. Unfortunately, most users don’t understand digital certificates well enough to recognize a maliciously compromised one. Increasingly, operating systems and browsers have been taking the trust decisions out of users’ hands.

That has helped. But, in response, hackers instead steal legitimate, globally trusted, code-signing certificates and use those to sign their own malware. In that case, the user gets a Trojan horse masquerading as a legitimate program or update and unwittingly installs it. Sometimes hackers even duplicate a company’s certificate without directly stealing it, as was the case with the popular Flame malware program. Experts are worried that these digital signature attacks could increase with the recent successes against the SHA-1 cryptographic hash signature, and it’s the primary reason they are recommending the world upgrade to SHA-2 as fast as possible.

Network worm

In 2003, the SQL Slammer worm infected over 100,000 unpatched SQL instances in under 10 minutes. To this day, that is the record for a fast-infecting network worm. Worms died down for a few years, but they are back with a vengeance. The recent WannaCry and Petya ransomware programs are clear examples of this.

Worms prey on unpatched software or user configuration errors, such as weak passwords, to break into their next victim’s computer. Both WannaCry and Petya exploited millions of unsuspecting PCs, surprising users who thought they were protected.

Network worms are always the scariest malware programs because, as SQL Slammer showed, they spread quickly, do their evil, and get out. The damage is done before the humans know what is going on.

Social media app

One of the sneakiest attacks of modern times comes to you via your friends. It happens like this: You get an unexpected recommendation from a friend to install a new, cool app or to watch a prank video, which is really a malicious program in disguise. If you run the rogue code, hackers end up owning your social media account and begin to exploit all your friendship linkages.

That initial request wasn’t from a friend. It was from the hacker who took over their account. The hacker will use each account to take over more people’s accounts, steal money, or even to hack into corporate networks. Hackers are highly aware that many social media users use the same log-on names and passwords on their personal websites as they do for their corporate networks, so cracking one often gives them access to others.

Wireless man in the middle

You walk into a friendly, local shop for some coffee and to read your morning email. You don’t suspect – or know – that a hacker sitting in the same shop has grabbed your supposedly protected web credentials out of the air.

No tool made this easier than Firesheep. It quickly became a favorite for both hackers and for penetration testers trying to scare senior management into taking wireless and web security more seriously. Although Firesheep has been retired by its developer, plenty of other tools do the same thing -- nearly all free and just waiting to be downloaded and used.

Correctly configured wireless connections stop this threat, but I challenge you to find a computer with all its wireless connections perfectly secured.

In-line keyboard logger

Keyboard loggers are tiny hardware devices that, once installed between the keyboard and keyboard input connector on a computer, grab whatever is typed into that keyboard. They don’t work on smartphones or laptops (no external keyboard) but hackers manage to find plenty of traditional PCs in hotels, financial organizations, and other public areas to exploit.

The attacker sits at the computer, acting like a normal user, to install the device. It’s easy to hide because the keyboard cord, with the keylogger installed, is usually hidden behind the computer or below it in a computer cabinet. Then the attacker leaves, waits a few days, and comes back to grab his device. With it, he takes home a gold mine of juicy passwords and other confidential information.

USB hacking devices

Ever since USB-form-factor computers developed enough storage and processing power, hackers have been salivating over their exploitation potential. Dozens of hacking tools and complete Linux distros fit on USB keys. You can buy one online for less than $100. Just plug it into a victim machine and let your hacking scripts do their worst.

One popular tool is Bash Bunny by Hak5. It contains two attack modes, which the user can configure with an easy-to-learn script. For example, one mode could exploit a Windows computer; the other a Mac. All you have to do is walk up to a victim’s unmonitored computer, plug in the device, wait a few seconds, and walk away with your captured treasure. Or you can leave it plugged in behind a computer to set up a hard-to-discover, rogue hacking computer that is always present on the victim’s network.