internet threats and security

Web-based threats, or online threats, are a category of cybersecurity risks that may cause an undesirable event or action via the internet.

Web threats are made possible by end-user vulnerabilities, web service developers/operators, or web services themselves. Regardless of intent or cause, the consequences of a web threat may damage both individuals and organizations.

This term typically applies to — but is not limited to — network-based threats in the following categories:

  • Private network threats - impact sub-networks connected to the wider global internet. Typical examples can include home Wi-Fi or ethernet networks, corporate intranets, and national intranets.
  • Host threats - impact specific network host devices. The term host often refers to corporate endpoints and personal devices, such as mobile phones, tablets, and traditional computers.
  • Web server threats - impact dedicated hardware and software that serve web infrastructure and services.

nternet-based threats expose people and computer systems to harm online. A broad scope of dangers fits into this category, including well-known threats like phishing and computer viruses. However, other threats, like offline data theft, can also be considered part of this group.

Web threats are not limited to online activity but ultimately involve the internet at some stage for inflicted harm. While not all web threats are created deliberately, many are intended — or have the potential — to cause:

  • Access denial. Prevention of entry to a computer and/or network services.
  • Access acquisition. Unauthorized or unwanted entry into a private computer and/or network services.
  • Unauthorized or unwanted use of computer and/or network services.
  • Exposing private data without permission, such as photos, account credentials, and sensitive government information.
  • Unauthorized or undesired changes to a computer and/or network services.

In recent years, the landscape of web threats has grown significantly. Technologies like smart devices and high-speed mobile networks have allowed for an always-connected vector of malware, fraud, and other complications. Also, web adoption in areas like communications and productivity via the Internet of Things (IoT) has outpaced user security awareness.

As we continue to rely more on the web for daily living, it will keep exponentially rising as an attractive attack option for malicious parties. Convenience and a lack of caution around web use are among the top concerns that continue to pose new risks to privacy and security.

While targets are typically computer-based, human victims ultimately experience the lasting effects of a web threat. 


To ensure privacy and security on the internet, it’s important to be aware of different types of internet attacks. Common internet security threats include:

Phishing

Phishing is a cyber-attack involving disguised emails. Hackers try to trick email recipients into believing that a message is genuine and relevant – a request from their bank or a note from a co-worker, for example – so that they click on a link or open an attachment. The goal is to deceive people into handing over their personal information or downloading malware.

Phishing is one of the oldest internet security threats, dating back to the 1990s. It has remained popular to this day since it is one of the cheapest and easiest ways for criminals to steal information. In recent years, phishing techniques and messages have become increasingly sophisticated.

Hacking and remote access

Hackers are always looking to exploit a private network or system's vulnerabilities so they can steal confidential information and data. Remote access technology gives them another target to exploit. Remote access software allows users to access and control a computer remotely – and since the pandemic, with more people working remotely, its usage has increased.

The protocol which allows users to control a computer connected to the internet remotely is called Remote Desktop Protocol, or RDP. Because businesses of all sizes so widely use RDP, the chances of an improperly secured network are relatively high. Hackers use different techniques to exploit RDP vulnerabilities until they have full access to a network and its devices. They may carry out data theft themselves or else sell the credentials on the dark web.

Malware and malvertising

Malware is a portmanteau of "malicious" and "software". It's a broad term related to viruses, worms, trojans, and other harmful programs that hackers use to cause havoc and steal sensitive information. Any software intended to damage a computer, server, or network can be described as malware.

Malvertising is a portmanteau of “malicious” and “advertising”. The term refers to online advertising, which distributes malware. Online advertising is a complex ecosystem involving publisher websites, ad exchanges, ad servers, retargeting networks, and content delivery networks. Malvertisers exploit this complexity to place malicious code in places that publishers and ad networks don’t always detect. Internet users who interact with a malicious ad could download malware onto their device or be redirected to malicious websites.

Ransomware

itis a type of malware that prevents you from using your computer or accessing specific files on your computer unless a ransom is paid. It is often distributed as a trojan – that is, malware disguised as legitimate software. Once installed, it locks your system’s screen or certain files until you pay.

Because of their perceived anonymity, ransomware operators typically specify payment in cryptocurrencies such as Bitcoin. Ransom prices vary depending on the ransomware variant and the price or exchange rate of digital currencies. It isn’t always the case that if you pay, the criminals will release the encrypted files.

Ransomware attacks are on the rise, and new ransomware variants continue to emerge. Some of the most talked-about ransomware variants include Maze, Conti, GoldenEye, Bad Rabbit, Jigsaw, Locky, and WannaCry.

Botnets

The term botnet is a contraction of “robot network”. A botnet is a network of computers that have been intentionally infected by malware so they can carry out automated tasks on the internet without the permission or knowledge of the computers’ owners.

Once a botnet’s owner controls your computer, they can use it to carry out malicious activities. These include:

  • Generating fake internet traffic on third party websites for financial gain.
  • Using your machine’s power to assist in Distributed Denial of Service (DDoS) attacks to shut down websites.
  • Emailing spam to millions of internet users.
  • Committing fraud and identity theft.
  • Attacking computers and servers.

    • Computers become part of a botnet in the same ways that they are infected by any other type of malware – for example, opening email attachments that download malware or visiting websites infected with malware. They can also spread from one computer to another via a network. The number of bots in a botnet varies and depends on the ability of the botnet owner to infect unprotected devices.

    Wi-Fi threats, in public and at home

    Public Wi-Fi carries risks because the security on these networks – in coffee shops, shopping malls, airports, hotels, restaurants, and so on – is often lax or non-existent. The lack of security means that cybercriminals and identity thieves can monitor what you are doing online and steal your passwords and personal information. Other public Wi-Fi dangers include:

    • Packet sniffing – attackers monitor and intercept unencrypted data as it travels across an unprotected network.
    • Man-in-the-middle-attacks – attackers compromise a Wi-Fi hotspot to insert themselves into communications between the victim and the hotspot to intercept and modify data in transit.
    • Rogue Wi-Fi networks – attackers set up a honeypot in the form of free Wi-Fi to harvest valuable data. The attacker’s hotspot becomes the conduit for all data exchanged over the network.

    • If you are wondering how to ensure internet protection and how to protect your data online, sensible internet security tips you can follow include:

      Enable multifactor authentication wherever you can

      Multifactor authentication (MFA) is an authentication method that asks users to provide two or more verification methods to access an online account. For example, instead of simply asking for a username or password, multifactor authentication goes further by requesting additional information, such as:

      • An extra one-time password that the website's authentication servers send to the user's phone or email address.
      • Answers to personal security questions.
      • A fingerprint or other biometric information, such as voice or face recognition.

      Multifactor authentication decreases the likelihood of a successful cyber-attack. To make your online accounts more secure, it is a good idea to implement multifactor authentication where possible. You can also consider using a third-party authenticator app, such as Google Authenticator and Authy, to help with internet security.

    • Use a firewall

      firewall acts as a barrier between your computer and another network, such as the internet. Firewalls block unwanted traffic and can also help to block malicious software from infecting your computer. Often, your operating system and security system come with a pre-installed firewall. It is a good idea to make sure those features are turned on, with your settings configured to run updates automatically, to maximize internet security.

      Choose your browser carefully

      Our browsers are our primary gateway to the web and therefore play a key role in internet security. A good web browser should be secure and help to protect you from data breaches. The Freedom of the Press Foundation has compiled a detailed guide here, explaining the security pros and cons of the leading web browsers on the market.

      Create strong passwords, and use a secure password manager

      A strong password will help you maintain internet security. A strong password is:

      • Long – made up of at least 12 characters and ideally more.
      • A mix of characters – that is, upper- and lower-case letters plus symbols and numbers.
      • Avoids the obvious – such as using sequential numbers (“1234”) or personal information that someone who knows you might guess, such as your date of birth or a pet’s name.
      • Avoids memorable keyboard paths.

      • These days, it’s no longer enough to substitute lookalike characters for letters or numbers – for example, “P@ssw0rd” for “password” – since hackers are wise to it. The more complex and involved your password, the harder it is to crack. Using a password manager will help – by generating, storing, and managing all your passwords in one secure online account.

        Keep your passwords private – avoid sharing them with others or writing them down. Try to avoid using the same password for all your accounts and remember to change them regularly.

        Keep an up-to-date security program installed on your devices

        Internet security antivirus is critical for ensuring privacy and security online. The best internet security software protects you from different types of internet attacks and protects your data online. It’s important to keep antivirus software up to date – most modern programs update themselves automatically to stay on top of the latest internet security threats.

        How to keep your family safe online

        Internet security for kids is critical – protecting children from harmful or inappropriate content and contacts, as well as malicious software or attacks. Teaching your children online safety tips can help to keep them safe.

        Internet safety tips for children

      • Children are spending more and more time online, and it’s important to talk to them about how to stay safe on the internet. Making sure that kids know what information to keep private online is essential, for example explaining why they need to keep their passwords private, and not give out personal information. Keeping the computer in a common area, where you can watch and monitor its use, can also be a useful way of ensuring children use the internet safely.

        Many kids enjoy watching YouTube videos. So, to make this a safer experience, you can use YouTube parental controls. You may also want to use YouTube’s dedicated app for children, YouTube Kids. This provides a more child-friendly interface, and videos on the app are reviewed by a combination of human moderators and automated filters to help ensure videos are appropriate for younger children.

      • How to keep your email safe

        Email was designed to be as open and accessible as possible, to allow people to communicate with each other. The drawback of this accessibility is that certain aspects of email are not secure, allowing attackers to use emails to cause internet security problems.

        What is email security?

        Email security refers to the methods used to protect email accounts and correspondence against unauthorized access, loss, or compromise. Given that email is often used to spread malware, spam, and phishing attacks, email security is an important aspect of internet security.

        How to deal with email spam

        Spam emails – also known as junk emails – are unsolicited messages sent out in bulk. Most email providers use algorithms to filter out spam messages, but they can still appear in your inbox despite this. Steps to take include:

        • Mark spam emails as spam – this will help the email provider to refine their spam filtering. How to mark a message as spam will vary depending on which email client you use – Outlook, Gmail, Apple Mail, Yahoo Mail, and so on.
        • Never click on a link or open an attachment in a spam email. Doing so could mean you download malware onto your device. At the very least, you confirm to the spammers that yours is an active email account, incentivizing them to send more spam.
        • Be careful about where you disclose your email address. It's a good idea to have a secondary, throwaway email account that you use solely for email sign-ups and subscriptions, separate from the one you use for friends and family and separate from the one you use for work.
        • Most email providers will offer privacy settings – review these and make sure they are set to a level you feel comfortable with.
        • Look into third-party email spam filters. These provide an additional layer of cybersecurity, as emails have to travel through two spam filters before getting to you – your email provider’s spam filter plus the third-party app.

          • If you do find yourself overwhelmed with spam, it could be a sign that your email address has been exposed in a data breach. When this happens, it is recommended to change your email address.

          Network security

          Network security refers to any activity designed to protect the usability and integrity of your network and data. It targets a variety of threats and stops them from entering or spreading on your network.

          How to set up your Wi-Fi router securely

          Your Wi-Fi router is an essential aspect of internet security. It checks all incoming and outgoing traffic and controls access to your Wi-Fi network and, through that, your phones, computers, and other devices. Router security has improved in recent years, but there are still steps you can take to enhance internet protection.

          Changing the default settings of your router, such as the default router name and login details, is an important first step. This can help to make your Wi-Fi network less of a target for potential hackers, as it indicates that the router is being actively managed.

          There are various features and settings you can disable to increase the security of your Wi-Fi router. Features such as remote access, Universal Plug and Play and Wi-Fi Protected Set-Up can all be taken advantage of by malware programs. While they may be convenient, turning them off makes your home network safer.

          Consider using a VPN, particularly when using public Wi-Fi

          The best way to protect your data online when using public Wi-Fi is to use a virtual private network (VPN). A VPN creates an encrypted tunnel between you and a remote server operated by a VPN service. All your internet traffic is routed through this tunnel, which makes your data more secure. If you connect to a public network using VPN, other people on that network should not be able to see what you are doing – providing enhanced internet protection.

          How to tell if your phone is tapped

          Your smartphone can be vulnerable to tapping, especially if it has been jailbroken or rooted. Phone tapping can allow third parties to listen to your calls or read messages. If you’re concerned your phone may have been hacked, you can look out for signs like unusual background noise on calls, your phone’s battery depleting faster than usual, or behaving in strange ways.

          If your phone seems to be turning itself on or off without your input, or if apps appear that you don’t remember installing yourself, that could indicate that somebody else has access to your phone. Receiving strange SMS messages, containing a garbled series of letters and numbers, or getting a higher than usual phone bill could also indicate phone tapping.


Comments

Post a Comment