To directly answer your question: it is possible either to attack a program that the victim is running (which made an outbound connection through the router, and the attacker exploits the program by injecting malicious traffic as though it's a response from the server), or to compromise the router (home routers, in particular, have notoriously weak security) and from there attack the local network.
The most common case of the first attack is, of course, browser exploits. The victim's web browser sends out a request through the router to the Internet, and the attacker gets their malicious payload included in the response (possibly because the victim connected to the attacker's server directly, possibly because the attacker got their payload included in an ad network and the victim doesn't use ad blocking, possibly because the attacker compromised somebody else's server and the victim connected to that... lots of ways). The attacker's payload is received by the victim's web browser, the browser tries to execute the script or whatever, and through some memory corruption bug or similar the attacker gains code execution on the victim's computer. The payload then reaches out from the victim's computer to the attacker's computer, establishing a tunnel through which the attacker can control the victim's system, steal data, probe the LAN, and so on.
In practice, though, most attacks aren't either of those things. Phishing attacks are extremely common, and are usually trying to steal the user's credentials to something that the attackers could access (like a cloud service account) without needing to be on the LAN. If you specifically want to attack the victim's computer on their LAN, the usual way to do that is through Trojan software (if you don't care exactly who you get, and just want to hit as many people as possible) or malicious email / chat / whatever attachments (these are also sometimes automated, of course). Trojan software is usually distributed from some common source, most commonly pirate (warez) sites and torrents, but also sometimes through "official" distributors like NPM (Node.js packages), Aptitude (Linux packages), mobile app stores, or similar. Attacks of the latter kind are typically discovered quickly, but because most people trust those sites and let their devices update automatically, they might hit a lot of victims first.