Describe the threat landscape of applications
Applications are widely available and used for just about anything, from home and personal use, to work and school. They're a fundamental part of our daily life. They empower us by making difficult things easier. At the same time, applications actively collect and hold vast amounts of data about what we do, who our friends are, where we've been, what we spend our money on, what our hobbies are, and much more. Cybercriminals are fully aware of how much data is held and accessed by these applications and will look for any weaknesses they can exploit.
Protecting our data, whether you're an individual or a big corporation, is essential. Understanding how applications can be compromised, and where these threats come from, will improve your application security and the confidentiality of any stored or accessed data.
Applications from untrustworthy origins
The ability to download applications to your device, be that a computer, smartphone, or tablet, has become easier. The majority of us use the larger well-established application stores. Some of these will verify the authenticity of the applications before they list them, and prohibit certain types being sold through their platform.
There are, however, other places where you can download applications. There's little or no restriction on the apps available and minimal verification on their authenticity. Not every app on these stores is bad. However, a cybercriminal can create and package source code, and give it the name of a legitimate application that users might be familiar with. They then upload it to a hosting site alongside legitimate applications.
If you install or run applications from untrustworthy sources, you could become the victim of a cyberattack.
Applications with inherent vulnerabilities
While application developers strive to ensure their apps are secure, it's impossible to guarantee 100 percent protection. Cybercriminals will look for any vulnerability they can exploit. There are many different types of application vulnerabilities—open source and zero day are two of the more common ones.
Open-source vulnerabilities
Software developers will often create libraries of common functions to solve a specific problem. Everyone can access open-source libraries, and the source code is usually freely available. When an application developer wants to solve a specific problem, they'll check to see if there's an open-source solution first.
One of the benefits of open source is that issues and vulnerabilities are publicly identified and fixed. However, these libraries are also available to cybercriminals who will look for ways to take advantage. Developers need to stay current on the latest version of any open-source libraries they've used as components in their applications, to avoid cyberattacks.
Zero-day vulnerabilities
Cybercriminals conduct detailed reconnaissance of applications, searching the code for flaws they might exploit. Any flaw that's previously unknown to the application owner and left unpatched is considered a zero-day vulnerability. When a cybercriminal finds a zero-day vulnerability, they won’t publicize it. Instead, they’ll take full advantage. For example, a cybercriminal might have noticed that a banking app has a zero-day vulnerability, and used this to quietly steal information and money from application users. The zero-day name stems from the number of days a developer has from when a vulnerability is identified to when a fix is available—that's zero days.
Browser-based threats
Browsers may be our gateway to the internet, but they're also applications. That's why most threats that you’ll come across manifest themselves through browser activity. Here's two of the more common browser-based threats:
Cookie-based attacks
You may have heard about cookies, but do you really know what they are? A cookie is a simple plaintext file that contains small bits of data—your user credentials, last search you made, last purchased item, and so on. The purpose of cookies is to enhance your browser experience and make surfing easier, by simplifying the need to continuously log in to the site.
One common type of cookie attack is a session replay. If the cybercriminal can intercept or eavesdrop on your communications, they're able to steal the cookie data, and your login data, then use it to access the website posing as you.
Typosquatting
Typosquatting is a type of browser-based attack where a cybercriminal obtains deliberately misspelled domain names. These are based on popular websites, where they can put their own malicious code, disguised as a legitimate website for the domain. Users might then mistake the malicious website for the legitimate one they wanted to visit. If a user enters any personal information or follows instructions on the website, they’ve become victims of a cyberattack.