The Dangers of Malicious Websites in Sheep’s Clothing

Behind the Scenes of Your Browser

When browsing on the Internet most people realize that there are potential risks. For example, a malicious website may attempt to install malware on your computer. In other cases, a malicious website may attempt to trick you into providing confidential information by impersonating another legitimate website. There have even been cases were valid websites have been hijacked and used to pass malicious code to unsuspecting visitors. Whatever the case may be, ultimately the attacks were focused on the users and their computers. However, a lesser-known form of attack has recently gained traction in the cybercriminal community and unsuspecting users are putting their corporate networks at risk.

When you browse on the Internet, you generally start by typing a URL such as “http://www.sosdailynews.com.” This address tells your web browser to connect to a specific website. From there, the website may give your browser additional instructions about where to connect to complete the online experience. In some cases, the original URL you typed changes completely and you are redirected to a completely different address before you ultimately end up at a webpage. In addition, a company’s website may pull content from other websites to enhance their own webpage. An example of this would be a website that has included a YouTube video in the middle of the webpage. While this YouTube video is actually being provided by the YouTube website, the website you connected to has directed your web browser to load that video from the YouTube website. This happens even though you are technically on another website. Of course when you visit the original website, you have no idea what is happening behind the scenes or what additional web sites your web browser is connecting to. You simply see the final page, which included a video.

While this may seem a little complicated, the important take away is that you can visit one website and behind the scenes that website can tell your web browser to visit numerous other websites; and you are none-the-wiser.

Your Network is Always at Risk

Now, think about the network where you work. Often there are numerous other devices on that network ranging from printers and mail servers to TV’s and digital surveillance systems. All of these devices are protected from the Internet because a firewall or other security device has been placed between the corporate network and the rest of the Internet. This device allows you and others on your network to connect out to the Internet, but doesn’t allow people on the Internet to connect into the corporate network. This means that people from the Internet can’t just attack machines on the network at the office. That said, many of these devices on your corporate network, such as digital video surveillance systems do allow users on the same network to communicate with them often via the web browser. In addition, these devices often contain vulnerabilities that could be exploited, if only criminals could reach them.

This is where everything that has been talked about above comes together. Criminals have realized that while they may not be able to connect directly to devices on your network such as your computer, your web browser can. So, they create websites that tell your web browser to attempt to connect to common IP addresses for devices that might be on your network. An IP address is the identifier for devices on a network and often times manufacturers set defaults. Of course they don’t just tell them to connect. They pass along additional information in the URL that can exploit vulnerabilities on these devices and install malicious code. This ultimately will give the criminal remote control of that device. More importantly, it gives him complete access to the same network you are on, bypassing the firewall or other security products designed to keep him out. In addition, when logs are reviewed later for suspicious activity, it will appear as though you were attacking the device and not someone else.

Be Careful Where You Click

What actually is taking place can be extremely complicated. What is important for you to understand is that simply browsing to a malicious website may be all that is needed for a cybercriminal to attack not only your computer, but other vulnerable devices on your corporate network. And you will never even know it happened.

This is why it is so important to avoid visiting unknown websites and limit random web browsing while at work. Each new website that you visit increases your chances for attack and cyber criminals are very creative in luring you to their websites. In many cases, criminals will create advertising that caters to certain businesses such as banking, healthcare, general business, or even higher education. Their hope is that their ads will contain buzzwords that capture the attention of potential victims and entice them to click the link. Once a victim clicks the link, the attack begins immediately but to the user browsing the page, nothing will seem out of the ordinary. In most cases, the information the user was searching for will actually be presented to keep him from becoming suspicious.

Unfortunately there is no specific software you can install or telltale sign that a website is performing these types of attacks. The only real solution is to avoid going to these websites in the first place; and that requires strict discipline on your part to limit the amount of unknown web browsing you do.