InfoSecurity India's First Magazine on Comprehensive IT Security
InfoSecurity April 2010
Internet Security

Preventing Internet Security Threats

Many of us use the Internet for day-to-day activities. The need to know about Internet security threats is greater than ever before. In this article, we bring you the latest on Internet security threats and how to mitigate them.

Recently, tens of thousands of Hotmail, Gmail and Yahoo email accounts were hacked. Their passwords were stolen and posted online. This resulted in a marked increase in the number of spam emails.

Over 13 per cent of all results on search engines like Google lead to malicious links. Close to 90 per cent of emails contain a malicious link. As the above statistics indicate, every time we go online, there's clearly some form of a threat. Social networking sites, like Facebook and Twitter, have become magnets for online spammers and scammers.

We have also seen a steady increase in attacks that take advantage of topical issues to lure recipients into opening attachments in emails or clicking on malicious links, or both. Despite all the sophistication of security software, intervention of ISPs (Internet Service Providers) and government agencies, spam volumes continue to rise.

Worse, according to experts, there's no 'perfect' solution for protecting consumer data and identities online. More and more attackers are going in for direct attacks on the end user, attempting to trick them into downloading malware or divulging sensitive information.

Here's what you need to watch out for

Social Networking

With cyber thieves taking to such sites in a big way, attacks on social networking sites are set to rise even further. This is bad news, given the number of incidents that have occurred already.

Take the case of Jack [name changed], who is on Facebook and likes going through other users' profiles. When he saw the 'Who is checking your profile' application on Facebook, he was more than excited at the prospect of identifying who all were following his profile. However, little did he know that the application would create havoc for not only him but also for his 'friends'.

This latest scam hit Facebook users after a rogue application, which comes in many variants of 'Who is checking your profile?', improved its technique beyond that employed in previous attacks.

"Rather than spreading a single app that Facebook can easily block, it tricks users into propagating the exploit by creating a brand new Facebook application that hands over the controls to the bad guys," says a Websense blog. In other words, the malware replicates at the users' expense.

So, what should users like Jack do in such a situation? "The important thing for Facebook users to remember is that clicking the 'Allow' button for such apps gives such applications the proverbial 'keys to the kingdom'. Do not add any applications that you do not trust," advises the blog.

One way you can assess an application's reputation is by clicking on the application name 'without authorising the application'. Look at the reviews of the application to see what other users are saying about it.

The other case in point is Twitter. Along with Twitter's phenomenal success, there has also been widespread adoption of abbreviated URL services like bit.ly and tinyurl.com. These services now appear in all sorts of communications, making it easier than ever to mask the URLs that users are asked to click.

This trick, according to security software experts, is the perfect way to direct users to websites that they would normally be wary of.

Malvertising

Beware of advertisements that urge you to go to a website and install free software. For instance, those "Your PC is infected! Click here to install our antivirus (AV) software NOW!" ads. These false advertisements are placed on trusted, reputable and well-trafficked sites.

In a high-profile incident last year, visitors to the New York Times website saw a pop-up box warning them of a virus that directed them to an offer for an AV software, which was actually a rogue one. This attack was served up through an advertisement purchased by someone posing as a national advertiser.

Browsing and Web Applications

Nearly 30 million netizens from India visit the search engine Google every month. Realising the opportunity in the number and faith people have in such sites, hackers have started to compromise search engine results to make their links appear higher than legitimate results.

As a user searches for related terms, the infected links appear near the top of the search results, generating a greater number of clicks to malicious websites.

A security expert states that the blended nature of today's threats, combined with compromised legitimate sites, takes full advantage of an increased perception of trust when using search engines and interacting with friends or acquaintances online. There may be a trust issue in search results among consumers, unless the search providers change the way they document and present links.

The rise in online applications, such as Google's new Chrome online-based operating system, is also seen as a potential area for malware writers.

Good Old ‘Emails’

From spam to phishing, the email has been a constant source of security threats. Security experts point out that 86.8 percent of all emails are spam. It is also a fact that, most of the time, hackers lure users into clicking on an attachment or a link.

A recent example was that of the Facebook Password reset. The email, said Websense, a security solutions vendor, claimed that the recipient's Facebook password had been reset for security reasons and that the recipient should open the attachment to find the new password. Nobody should ever need to open an attachment to get a new password. Yet, these attacks often succeed.

Experts also point out that people give their information to phishing sites 45 per cent of the time.

Email is still the favoured route for phishing (fraudulent methods to acquire sensitive information like passwords, username and credit card details).
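The two warning signs described above, a password-reset notice that arrives with an attachment and a link hidden behind an abbreviated URL service, can be checked mechanically before a message is opened. The following Python sketch is an added example, not part of the original article; the function names, the warning wording and the sample message are constructed for illustration, and the shortener list holds only the two services the article names.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

SHORTENERS = {"bit.ly", "tinyurl.com"}  # hosts named in the article; extend as needed
URL_RE = re.compile(r"https?://[^\s<>\"')\[\]]+", re.I)
RESET_RE = re.compile(
    r"password\b.{0,40}\b(reset|new)\b|\b(reset|new)\b.{0,40}\bpassword", re.I | re.S)

def shortened_links(text):
    """Return URLs whose host is exactly a known shortener (www. prefix ignored)."""
    urls = (u.rstrip(".,;:!?") for u in URL_RE.findall(text))
    return [u for u in urls
            if (urlsplit(u).hostname or "").lower().removeprefix("www.") in SHORTENERS]

def triage(raw_message):
    """Return a list of warnings for one raw e-mail message."""
    msg = message_from_string(raw_message)
    body, attachments = [msg.get("Subject", "")], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename():            # any named part counts as an attachment
            attachments.append(part.get_filename())
        elif part.get_content_type() == "text/plain":
            data = part.get_payload(decode=True) or b""
            body.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    text = "\n".join(body)
    warnings = []
    if attachments and RESET_RE.search(text):
        warnings.append("password-reset wording with attachment: " + ", ".join(attachments))
    warnings += ["shortened URL hides destination: " + u for u in shortened_links(text)]
    return warnings

# Constructed sample message (not a real capture).
SAMPLE = """From: support@social.example
Subject: Your password has been reset
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Open the attachment for the new password, or visit http://bit.ly/abc123.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="new_password.zip"

UEsDBA==
--b1--
"""
print(*triage(SAMPLE), sep="\n")
```

The host comparison is exact, so a lookalike such as `bit.ly.evil.example` is not mistaken for the shortener itself; it is simply an ordinary link that needs its own scrutiny.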

Staying Safe from Email Scams

How does one stay safe from email scams? Well, for one, do not open any email that has come from an unknown address. In case you have gone ahead and clicked it, do not open the attachments (most of the attachments have viruses). Since you would be accessing email from a PC, you ideally need to have a good security solution installed.

However, after PCs, mobile phones have become the next platform to be hit by security problems. Hackers are using a combination of voice over internet protocol (VoIP), SMSes and internet to fool and redirect users into dialing a phone number to collect critical information for financial gains.

This phenomenon is called 'Vishing' (voice phishing). Various security experts say that with mobile handsets becoming the primary device of accessing information, security threats on handsets will be the next big issue.

A Brief Conclusion

With constantly changing trends in the global Internet domain, we see an exponential rise in malware flooding the Internet. As security vendors get innovative in their solutions, hackers also get innovative with their attacks. Between the security vendors and the hackers, it is the users who suffer the most, and hence we must follow the security drill of best practices and update our systems regularly with the latest anti-malware software.

—By: R. Manoj. The author is an Assistant Editor at Fanatic Media, Bangalore. He is also an Independent Researcher, specializing in Digital Security Systems. He has an active interest in designing security algorithms for securing mission critical systems. He can be reached at infosecurity@fanaticmedia.com

