The Internet is everywhere and is used for everything online, from browsing at
home and checking email to product searches, online banking and more. Hackers
exploit vulnerabilities to gain access to private data and to launch
cyber-attacks on other users. Apart from monetary benefits, insufficient
security mechanisms and application vulnerabilities motivate the hackers.
Research on cyber-attack patterns found that 30% of all attacks are on
computing services, 14% on the retail industry, 9% on the health sector, 8% on
media and entertainment, and around another 8% on the financial service
sector. It is believed that there are half a million cyber-attack attempts in
the world every minute.
Cyber security threats are ever growing. Most of these
vulnerabilities are spread across Google Chrome, Mozilla Firefox, Adobe Flash
Player, Adobe Reader and Windows OS. Based on the three pillars of information
security – Confidentiality, Integrity and Availability – a website can request
you to use cookies that contain malware to spy on your data or even remove your
data and damage your computer system. Almost two thirds, i.e. 66%, of malware
consists of Trojan horses, and the remaining part is a combination of viruses,
worms, adware, spyware etc.
Secure browsing means paying attention to many different controls and
vulnerabilities in the web browser. Information security vulnerabilities are
weaknesses that expose an organization to risk. Understanding your
vulnerabilities is the first step to safeguard against internet threats.
Usually these vulnerabilities come from cookies and plug-ins.
Cookies
Cookies contain specific information which is stored on the user's device when
they visit a website. The cookie is either sent from the web server to the
browser or generated by a script on the website, such as JavaScript. This
enables faster loading of the website at the next visit. Be cautious of
unwanted third-party tracking cookies, which collect data on your visits to
various sites. Beware of the danger of using public internet, because other
users may log into your account via your still-valid session cookie if you
don't delete all cookies when closing the browser.
There are two types of cookies: first-party cookies and third-party cookies.
First-party cookies are placed by the site you visit and are frequently used
to remember your login information for fast access to your account details.
Third-party cookies are placed by other sites for affiliate marketing
purposes.
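To make the two distinctions above concrete (first-party vs third-party, and cookies that outlive the browser session), here is an added example that is not from the original post. It classifies Set-Cookie headers seen while loading one page; the host names and cookie values are constructed, and the "last two labels" site comparison is a simplifying assumption.

```python
from http.cookies import SimpleCookie


def site_of(host):
    # Simplification (assumption): treat the last two labels as the "site".
    # Real browsers decide this with the Public Suffix List.
    return ".".join(host.lower().split(".")[-2:])


def audit_cookies(page_host, responses):
    """responses: (host that sent the response, Set-Cookie value) pairs seen
    while loading one page. Returns (name, party, lifetime) per cookie."""
    findings = []
    for sender, header in responses:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            party = ("first-party" if site_of(sender) == site_of(page_host)
                     else "third-party")
            # No Expires/Max-Age means a session cookie, normally discarded
            # when the browser closes; otherwise it stays on the device and
            # is still there for the next person using a shared computer.
            lifetime = ("persistent" if morsel["max-age"] or morsel["expires"]
                        else "session")
            findings.append((name, party, lifetime))
    return findings


# Constructed sample traffic for a visit to www.shop.example.
SAMPLE = [
    ("www.shop.example", "sid=abc123; Path=/; Max-Age=2592000; Secure; HttpOnly"),
    ("www.shop.example", "cart=17; Path=/"),
    ("cdn.ads.example", "track=u991; Max-Age=31536000"),
]

if __name__ == "__main__":
    for row in audit_cookies("www.shop.example", SAMPLE):
        print(*row)
```

A persistent first-party login cookie such as `sid` is the one to clear after using a public machine; a persistent third-party cookie such as `track` is the tracking case.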
Plug-ins
Plug-ins constantly contain security flaws and are therefore frequently
updated. Some of the most commonly used plug-ins are Flash Player and Java.
Flash Player is widely used freeware for programming and displaying multimedia
and interactive content. Due to its wide reach, Flash Player is a popular
target for attackers, which results in a constant stream of new security
holes.
If a user wants to interact with Java content in web pages, it is necessary to
install and enable the Java plug-in in the web browser. JavaScript is a
programming language used by websites to run various programs and features.
Try to disable JavaScript, because applications using JavaScript sometimes
behave differently than users expect. It can also be used to introduce
malicious code, pop-up software and a whole host of other spammy elements from
the internet.
Fake Websites
Fake websites look similar to the actual websites, including those with login
forms. A victim cannot tell a fake site from a regular one by look and feel
alone, which prompts many users to submit their user IDs and passwords. As a
result, the login credentials are sent automatically to the hackers, who can
take over your online account. After that you can imagine what they can do.
Always be alert to ensure that you are on the correct website when entering
your online banking and other financial credentials. Financial service sector
staff, i.e. bank employees, will never ask you for your online banking user ID
and password details.
Fortunately there are a lot of easy ways to identify fake websites:
Check the web address (URL) and look for suspicious spellings in the domain
name. For example, instead of bankofJapan.com the web browser might show
BonkofJapan.com (notice the letter o instead of a in bank). It is advised to
always go to the original website directly instead of clicking a URL link on
some other website. Secondly, never click on suspicious links.
Financial sector websites normally have integrity protection such as a site
lock or the use of https for login and payments. Always use the latest version
of your web browser.
As I mentioned earlier, there are various vulnerabilities in compromised
websites:
Virus: A computer virus attaches itself to a program or file, enabling it to spread from one computer to another, leaving infections as it travels. It is a piece of code which is placed in the path of execution of another program. When the user starts the original program, the virus executes itself. After that it replicates on its own and infects other programs, libraries and the boot sector by replacing executable files with virus-infected files. Since a virus is spread by human action, people unknowingly continue the spread of a computer virus by sharing infected files or sending emails with viruses as attachments.
Worms: Computer worms are similar to viruses in that they replicate functional copies of themselves and can cause the same type of damage. A worm does not need a host file to spread. It spreads automatically by replicating over the computer network, including the internet.
Trojan Horse: It does not replicate itself. It pretends to be another program.
When users open the file, they do not know that they are executing a malicious
program. So in contrast to a worm or a virus, the Trojan horse has to be
actively executed by the user.
Phishing is a form of social engineering in which a scammer pretends to be a
legitimate person and sends out a message that tries to trick a victim into
revealing personal or financial information. In phishing, attackers usually
send messages via email or social networking sites. Those messages contain a
link that takes the victim to a fake website when clicked. Those fake sites
look like the original and encourage the victim to enter their personal data,
which is then used by the hackers for hacking.
Web certificates are used to certify the authenticity of the website being
visited. You might have noticed the https protocol at the beginning of a web
address, which means your communication with the web server is encrypted and no
one can intercept your message via a man-in-the-middle attack. If the server
has the highest level of authentication, then the address bar in the browser
will turn green, which means it is a trustworthy website, because the
verification process to confirm authenticity and ownership is very strict and
accurate.
Fake websites usually use expired security certificates or a certificate from
a different website. You can check fields like 'valid from' and 'valid to' by
clicking on the site lock in the address bar and viewing the certificate. The
Subject field shows the source of the certificate, i.e. the website it belongs
to.
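The same manual check of the validity dates and the subject can be scripted. This added example (not from the original post) works on a certificate in the dictionary form that Python's ssl.SSLSocket.getpeercert() returns; the sample certificate is constructed, and the matching rule is a simplified version of what browsers do.

```python
import ssl
from datetime import datetime, timezone


def name_matches(pattern, host):
    """Exact match, or a '*.' wildcard covering exactly one left-most label."""
    if pattern.startswith("*."):
        return host.count(".") == pattern.count(".") and host.endswith(pattern[1:])
    return pattern == host


def cert_problems(cert, hostname, now):
    """Return the reasons (if any) not to trust this certificate for hostname."""
    problems = []
    ts = now.timestamp()
    # 'valid from' / 'valid to' as shown in the browser's certificate viewer.
    if ts < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if ts > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    # Names the certificate was issued for: subjectAltName first, then the
    # subject's commonName as a fallback.
    names = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        names = [v.lower() for rdn in cert.get("subject", ())
                 for k, v in rdn if k == "commonName"]
    if not any(name_matches(n, hostname.lower()) for n in names):
        problems.append("issued for a different website")
    return problems


# Constructed certificate in the shape returned by getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "bankofjapan.com"),),),
    "subjectAltName": (("DNS", "bankofjapan.com"), ("DNS", "*.bankofjapan.com")),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
}

if __name__ == "__main__":
    when = datetime(2025, 3, 1, tzinfo=timezone.utc)
    print(cert_problems(SAMPLE_CERT, "bonkofjapan.com", when))
```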
It is recommended to use the latest anti-virus software and a browser version
that warns you when you navigate to a malicious website. Even if the
information is encrypted, make sure to read the organisation's privacy policy
first so that you know what is being done with the information you are
submitting.