12 Apr, 2021

How to Prevent Clickjacking from Taking Down Your Website

Clickjacking is a form of malware that hijacks your visitors' clicks to collect information or send them to malicious websites. By performing regular scans and using X-Frame Options and a WAF, you can keep your website secure.
It's hard enough to be a website owner/operator these days. Along with selling a winning product, creating an engaging design for your site, and coming up with content people will want to interact with, you also have to keep your site secure. If your site is vulnerable to cyberattacks (like cross-site cooking attacks), it can do untold damage to both your relationship with your customers and your financial bottom line.

So how would you feel if you knew there's actually a flaw in the design of HTTP cookies that actually make it EASIER for malicious actors to infiltrate your site?

That's the problem with an issue known as cross-site cooking attacks. But what is this problem, and how might it potentially expose your website to hackers? And more importantly, what should you do about it? The first step in addressing a potential cyber-based challenge down the road is to understand exactly what it is.

Here's a beginner's guide to cross-site cooking attacks: what to expect from it, and how you can prevent them from occurring.
What are cross-site cooking attacks?
Website developers want to give their users an easier time navigating their site, optimizing convenience for returning visitors. To do this, they use something known as an HTTP cookie. These cookies help a site visited remember important information. This includes login credentials, previous site searches, and other general information users provided that may come in handy later.

From a user experience perspective, cookies are great at making time spent on the site much more efficient. The negative side is they also represent a massive vulnerability. If a site is hacked, personal information could be exposed to someone with malicious intent.

Enter cross-site cooking. It represents a type of malware exploiting your browser that then allows the malicious actor to take a cookie from one site and implement it into the cookie domain of a separate site. Cross-site cooking attacks essentially allow data to be transferred from one site to another. Imagine that personal information you've lent to a trusted site going somewhere you have no control over, with a site owner you're unfamiliar with. That's a glaring vulnerability and a major problem associated with the use of cookies.

Cross-site cooking attacks exploit a common online feature used for honest purposes - HTTP cookies. It turns them into a weapon to be used against not just site visitors, but also the owners and operators of a website.
How cross-site cooking can cause major damage
Let's say you visit a website to buy a pair of shoes. This is a site you've done business with in the past, so it has your credit card information on file - everything from the credit card number to the expiration date to the security code. Without your knowledge, a second site installs malware on your trusted site to steal all your information.

On your next visit to the site, the cookies that include your credit card information are then sent to this second site via the malware. This is called "cross-site request forgery." This may not necessarily be limited to your activity on the trusted site alone, however. The site may also interact with the cookies from other social media sites such as Facebook and Google due to the HTML settings. This information is also vulnerable and could be exposed as well.

There are plenty of other scenarios in which cross-site cooking can exploit cookies to gain a tactical advantage over unwitting users. They can be used to navigate around administrator-protected sites. There's no limit to the impacts these attacks can have.
How to protect your website from cross-site cooking
So now that you're aware of this threat to your systems, how do you combat it? There are two main methods for protection. One is simple but could have negative cascading impacts on your website. The other is a bit more of an involved process, but with the right partner guiding you through it, can be a much more comprehensive fix without sacrificing the benefit of using cookies.
Blocking cookies
The first method is an action that can be taken by the user - block cookies altogether. This will stop cross-site cooking attacks. The problem here is that it makes using the site much less convenient for returning visitors. It's readily apparent why this is a problem for website owners as well. It significantly impacts the user experience. Simply put, blocking cookies will solve the threat of cross-site cooking attacks, but it's not a feasible solution for anyone looking to interact with the same site regularly - from either a site user or owner perspective. You'll want your users to enjoy the experience of using your site over and over again, and cookies help them do just that.
Regular monitoring
The second method is an action taken by the site owner, or put more accurately, a recurring series of actions. Regularly monitoring your site's server can help address any potential malware threats that may represent vulnerabilities for your site's users. Having a robust monitoring system in place is the best defensive posture you can take to safeguard your site from cross-site cooking. It's a proactive approach to site security that will protect your users' personal information.

The solution is simple enough: maintain awareness of your site's security levels and impending threats. But implementing that solution on your own can be challenging if you're not well-versed in doing so. That's where partnering with the right security provider comes in.
How ThreatSign! can help you level up your protection
ThreatSign! is a platform that incorporates internal monitoring that allows you to maintain awareness of activity on your server, enabling website malware monitoring and protection. If there's malware, our system will detect it. You can then receive an alert that enables you to take action to remove this or any other kind of malware present on your system. You'll know there's malware compromising your users before it can negatively affect them.

ThreatSign! has worked with numerous partners to secure their sites, stopping nefarious activity such as cross-site cooking attacks from happening. If you're interested in protecting your site, its users, and your customers' personal information, partner with the ThreatSign! platform today. For more on what our platform can do to level up your website security, sign up for ThreatSign! today.

Other resources
https://blog.quttera.com/post/cross-site-request-forgery-attacks/
https://en.wikipedia.org/wiki/Cross-site_cooking
https://vulners.com/securityvulns/securityvulns:doc:11224