What to Do When Sites You Trust Suffer Redirect Attacks

September 2017 was a very gray month indeed for people who are concerned about their security and the privacy of their data. For starters, Equifax – a major credit reporting agency in the U.S. – was hacked, leaking the personally identifiable information of 143 million people. Then there was the data leak from Amazon S3 servers. And now, the Equifax website for customers looking to mitigate problems with their credit reports has (again) been hacked, redirecting people to malware. What should people do when they suffer redirect attacks?


Before we dive into how redirect attacks work, we need to talk about a little bit of history:

After the breach of Equifax, an organization that is trusted by various financial institutions to provide the credit reports of millions of people around the world, the company made efforts to try and remedy the situation.

Despite all of this, its website still had vulnerabilities that hackers took full advantage of in the wake of the recent compromise. This led to Equifax’s website unintentionally redirecting people to a fake Flash update download that would install adware on their computers. The malware itself is not extraordinarily damaging since it merely displays advertisements on Internet Explorer. But in any other situation, things could get a lot worse.

A redirect attack happens when a hacker compromises a website to the point that its visitors are directed to a fake page when they click a link. To give you a proper scenario, imagine that hackers manage to hijack Facebook’s homepage so that every time you click on an advertisement, it takes you to an affiliate site that pays them every time they get a visit. That’s a more harmless example than the typical scenario, but it summarizes redirect attacks succinctly. You click a link you trust to take you somewhere, and it swings you somewhere else.

The simplest way to redirect someone to another website is to take advantage of vulnerabilities in a website’s database. Sometimes a well-executed SQL injection allows the hacker to slip some malicious code into a website’s output.

This isn’t always possible, which leads more clever hackers to look for vulnerabilities in the software that runs the website or in its content management system (CMS). Sometimes they find one like Apache Struts CVE-2017-5638, which allows people to execute arbitrary code.


It’s easy to feel helpless when trusted organizations suffer attacks that are easily preventable and do not take sufficient measures to remedy the situation. But there are a couple of things you can make a note of when you’re browsing the web to prevent yourself from falling victim to redirect attacks.

For starters, you should never open “software updates” or any other kind of executable file from websites that don’t usually hand them out. While you can expect to get a ZIP file with an EXE in it or just a plain EXE from a website like Softpedia – which many people use to download programs and utilities – you should never expect an EXE to come from an email attachment, a social media site, or from a credit reporting agency.

If you’re unsure of an EXE that you have received and expected, upload it to a trusted online virus checking utility like VirusTotal or Metadefender.

No matter how scary redirect attacks are, it’s helpful to keep in mind that they will often push you to a different domain name than the organization’s official one. Make a habit of keeping an eye on your address bar as you browse the Web. At some point it will become second nature, and you’ll notice any suspicious changes quickly.
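The address-bar habit described above can also be applied to a recorded chain of redirects. The following is an added example, not part of the original article; `example.com`, `updates.test` and the function names are constructed placeholders, and the sample URLs are made up for illustration.

```javascript
// Added example: find the hop where a redirect chain leaves the official domain.

// True when `host` is the official domain itself or a subdomain of it.
function isOnDomain(host, official) {
  const h = host.toLowerCase().replace(/\.$/, ""); // drop a trailing root dot
  const o = official.toLowerCase();
  return h === o || h.endsWith("." + o);
}

// Walk a recorded chain of URLs and return the first hop that is off-domain
// or not HTTPS, or null if every hop stays on the official site.
function firstSuspiciousHop(chain, official) {
  for (let i = 0; i < chain.length; i++) {
    let url;
    try {
      url = new URL(chain[i]); // WHATWG parser, the same rules a browser applies
    } catch (e) {
      return { index: i, url: chain[i], reason: "unparseable URL" };
    }
    if (url.protocol !== "https:") {
      return { index: i, url: chain[i], reason: "not HTTPS" };
    }
    if (!isOnDomain(url.hostname, official)) {
      return { index: i, url: chain[i], reason: "host " + url.hostname + " is not " + official };
    }
  }
  return null;
}

// Constructed sample chain (example.com stands in for the trusted site).
const OFFICIAL = "example.com";
const sampleChain = [
  "https://www.example.com/help/credit-report",
  "https://example.com/account/start",
  "https://example.com.updates.test/flash/install", // official name used as a prefix
];

// Forms that a quick glance at the address bar can misread.
const lookalikes = [
  "https://example.com@updates.test/", // official name in the userinfo part
  "https://notexample.com/",           // official name as a suffix, no dot boundary
  "https://EXAMPLE.com./login",        // legitimate: differs only in case and root dot
];

console.log(firstSuspiciousHop(sampleChain, OFFICIAL));
for (const u of lookalikes) {
  console.log(u, "->", isOnDomain(new URL(u).hostname, OFFICIAL) ? "on-domain" : "off-domain");
}
```

A chain that passes this check has only stayed on the expected domain; it says nothing about content served by the official site itself.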

Do you have any other tips that can help people arm themselves against redirect attacks similar to the one Equifax suffered? Let us know your ideas in a comment!
