Instagram, Zoom, LinkedIn, Dropbox, and WordPress all have vulnerabilities that make them easy targets for dark web hackers. According to recent cyber security research, a team of analysts relayed how criminal hackers can easily hijack and take control of online accounts created on those platforms, even before you are done creating and setting them up.
The report stated that the threat actors can steal these accounts before they can be registered by exploiting zero-day vulnerabilities that are deemed to have already been resolved by the respective company.
According to the research done by an independent researcher, and the Microsoft Security Response Center, a team of cyber security analysts discovered that 35 popularly used websites have major faults that make them vulnerable to pre-hijacking attacks that are often carried out by criminal hackers.
75 major websites were analyzed by the team of researchers, who discovered that approximately half of these sites were prime targets for pre-hacking attacks. However, the vulnerability and the severity of pre-hijacking attacks stem from website policies that lack the proper cyber security protocols.
Poor Policies Facilitate Data Breaches
And although these assaults vary in some sites; it shows that poor security policies are the number one factor that allows these vulnerable websites to be the main target for hackers.
It is a fact that vulnerable websites paid out large rewards each year with their bug bounty programs, but the shocking problem still continues to plague consumers. And even more concerning is that these high brand companies continue to overlook these simple attacks, which criminal hackers have easily infiltrated and target unsuspecting victims.
The Hackers’ Pre-hijacking Process
It is a simple process for dark web hacking groups to carry out these criminal attacks. First, all they have to do is know the email addresses of their targets, which can be easily acquired through hacking attacks on high profile companies. In addition, there are countless data breaches annually, which provide a treasure trove for pre-hijacking weapons for the criminals to effectively operate and carry out these attacks.
With access to the target’s email address, the hacker will next create an account on one of the reported susceptible websites. Next, the waiting game begins as the criminal patiently waits for the owner of the email to click on the notification that landed in their inbox or spam folder.
As reported, oftentimes victims are then deceived to sign up on the targeted website, while the hacker waits patiently to steal the credentials to gain access to the site.
In conclusion, the hacker utilizes an automated script that keeps the session active, after creating it during an unexpired session. The last attack phase occurs after the victim resets the private credentials of the newly created account.