CDNetworks Unveils 10 Tbps Capacity Upgrade for Enhanced South & Southeast Asia Network Performance - Learn More

Security Glossary: WAF

Clickjacking

Clickjacking is a deceptive cyberattack where a user is tricked into clicking on a webpage element that is either invisible or disguised as a different element. This type of attack can lead users to inadvertently perform actions such as downloading malware, visiting malicious websites, disclosing sensitive information, transferring money, or making unintended online purchases.

The attack typically involves layering an invisible webpage or HTML element over a visible page using an inline frame (iframe). To the user, the webpage appears normal, but in reality, their clicks are being redirected to this hidden layer. As a result, users believe they are interacting with the page they can see, when they are actually engaging with the invisible layer, which can lead to unintended consequences.

One common scenario of clickjacking is the manipulation of a legitimate webpage, such as a banking site, where the user might unintentionally authorize financial transactions. The attacker effectively hijacks the user’s click, redirecting it for their own benefit.

There are various forms of clickjacking attacks:

  • Likejacking: This variation targets social media platforms, such as Facebook. It involves manipulating the “Like” button so that users unknowingly “like” a page or content they did not intend to endorse. This technique can spread malicious content or inflate the popularity of a page fraudulently.
  • Cursorjacking: Another variant involves altering the user’s cursor position. The attacker changes the appearance or position of the cursor, misleading the user about their actual click location on the screen. This method has historically exploited vulnerabilities in web browsers and plugins like Flash, many of which have since been patched.

To protect against clickjacking, various defensive strategies can be employed. These include implementing frame-busting scripts, which prevent a webpage from being displayed within an iframe, and utilizing security features like the X-Frame-Options HTTP header, which can restrict how and if a page can be framed. Users can also increase their protection by keeping their browsers and plugins updated, as well as being cautious about their clicks and interactions on less familiar websites. Understanding and being aware of clickjacking tactics is crucial for both developers and users to safeguard against these deceptive and potentially harmful attacks.

Learn More About WAF

Backdoor

Cross Site Scripting (XSS)

Dictionary Attacks

Injections

OWASP Top 10

SQL Injection (SQLi)

Advanced Persistent Threat (APT)

Clickjacking

Command Injection

What Is a Phishing Attack?

What is Ransomware?

What Is Spear Phishing?

XXE (XML External Entity)

Broken Object Level Authorization

Malware Types

NoSQL Injection

Remote Access Trojan

Remote File Inclusion (RFI)

Web Shell

Multi-Factor Authentication (MFA) Services

Cookie Poisoning

Web Skimming

CDNetworks At IBC 2024 Booth 5A23