Clickjacking attacks are prevalent around the world. Their relative simplicity and effectiveness mean that many cyber criminals have used this technique for years. When combined with other malicious software, it can seriously compromise online security for individuals and businesses alike. It’s important to know how they work so that you can effectively prevent them.
What is a clickjacking attack?
Clickjacking is a process of fooling a user into clicking on something that is not as described. Most of these attacks use a method of displaying an HTML element within another page called iFrames. In doing so, they can overlay a legitimate element with a malicious one. Clickjacking is not malware itself. Rather, it is one method in which hackers and malicious users can get unsuspecting users to download malicious software or get their computer systems infected with malware which can cause severe damage. A clickjacking attack is simply the act of a user being targeted by a webpage infected with clickjacking code.
How do clickjacking attacks work?
Clickjacking attacks are also known as “UI redressing” and can be implemented in several ways. Some of the most common include:
- Overlay-based clickjacking attacks, where hackers overlay malicious content or link on top of a legitimate link and make it invisible. This can be done through transparent overlays, cropping, pointer events, and more. Unsuspecting users will think they are clicking on the legitimate link, but instead are clicking on the malicious one.
- Non-overlay-based clickjacking attacks, where hackers trick users to click on something which is not what they think even without invisible overlays. This can be done through drag and drop systems, rapid content replacement, and scrolling attacks. These kinds of attacks will trick the user into clicking on malicious links but do so using more confusing or roundabout methods.
Once the user has clicked on the malicious link instead of the legitimate one, they will be redirected to a malicious page, start downloading malicious software, reveal sensitive data, or other made to perform other unsolicited activity.
Protection against clickjacking attacks
As most clickjacking attacks use iFrames to place the malicious link inconspicuously into the web page, restricting the use of iFrames completely might help your cyber security. However, iFrames are also used legitimately in countless other situations. You can implement prevention measures on the client-side or server-side to protect your website.
On the client side, frame busting is the technique of using JavaScript to prevent a web page from being loaded within a frame. It remains effective even in older browsers that do not support newer methods like the Intersection Observer API or the X-Frame-Options header & CSP mentioned below.
One of the best ways to prevent clickjacking is to filter and have some control over the usage of iFrames. Using X-Frame-Options is one way to do this, providing you with three options: DENY, SAMEORIGIN, or ALLOW-FROM. X-Frame-Options will greatly reduce the frequency and chance of clickjacking attacks being successful but is not a completely effective solution. Another option is to use a Content Security Policy (CSP). This is a solution implemented to guard websites against clickjacking and other cross-site scripting issues and is supported by all web browsers. By adopting a CSP, you will have controls similar to using X-Frame-Options, including denying any site from embedding content, allowing the current site to embed content, and giving certain other sites access to do so.
Learn more with Sangfor
While these solutions will certainly be able to help you stay clear of attacks, they are not bulletproof. It will pay dividends to secure your personal and business networks using a layered security approach to protect against a wide range of cyber security threats. Contact Sangfor to learn more about our services to protect against threats, and get an overview of Sangfor Security Services.