What is DLL hijacking? The Windows exploit endangering your sensitive data

283

This post was originally published by Edward Kost.

A simple DLL file was the catalyst to the most devastating cyberattack against the United States by nation-state hackers.


This cinematic breach demonstrates the formidable potency of DLL hijacking and its ability to dismantle entire organizations with a single infected file.

What is DLL hijacking?

DLL hijacking is a method of injecting malicious code into an application by exploiting the way some Windows applications search and load Dynamic Link Libraries (DLL).

Only Microsoft operating systems are susceptible to DLL hijacks.

By replacing a required DLL file with an infected version and placing it within the search parameters of an application, the infected file will be called upon when the application loads, activating its malicious operations.

For a DLL hijack to be successful, a victim needs to load an infected DLL file from the same directory as the targeted application.

If applications that are automatically loaded upon startup are compromised with a tainted DLL file, cybercriminals will be granted access to the infected computer whenever it loads.

 

DLL hijacking is not an innovative cyberattack method. It has been in circulation among cybercriminals since Windows 2000 launched.

Read more here: https://www.upguard.com/blog/dll-hijacking