- Category: August 2015 - Security
Malicious software, in the form of Trojans and worms, is still the greatest threat on the Internet: Trojans perform dangerous actions unnoticed on affected devices, while worms spread themselves over the Internet and can damage infected computers.
Unfortunately, every day 350,000 new variants of malicious software emerge on the Internet, forcing users to protect themselves more against criminal hackers and intelligence corps.
Ranking on second place of the biggest Internet dangers are attacks through web-based software, also known as "drive-by downloads", showing that visiting an infected website is often enough to downloading malicious software unnoticed.
Further risks are manipulated smartphone apps, plenty of remote-controlled computers (botnets), infected emails (spam), and the interception of sensitive login information (phishing).
You can protect yourself against such threats by taking appropriate precautions, as explained in the following:
Malware: Trojan horses and worms exist since the birth of the Internet, representing constant cyber threats. The classic IT bugs are nesting unnoticed in computer systems, from where they then transmit sensitive data, such as passwords, or send in turn infected emails. As said, approximately 350,000 new forms of such pests emerge on the Internet every day; hence, you can just do your best and try to protect yourself with current versions of anti-virus programs. According to recent findings, however, about half of all infections remain undetected. Therefore, experts advise in particular professional users to extend the protective measures from the devices to the network architecture. Measures for early detection of successful attacks, and strategies for recovery of business operations, complement these purely preventive measures.
Damage caused by web-based malware: When visiting a malicious website, users unsuspectingly download a malicious software, which then opens vulnerabilities in the often-outdated add-ons of the browser (plug-ins) and floodgates to malware. Last year alone, experts have identified more than 145 million Internet addresses, where malicious software could be downloaded. Such covert downloads, also known as, "drive-by downloads", are currently the largest IT threats, since viruses spread rapidly. To protect yourself you should always use the latest version of plug-ins (Flash, Java, Acrobat Reader, etc.).
Botnets: Such networks consist of multiple computers and are controlled by a bot master, who can spy on passwords or other personal information. In addition, they can use the network for automatic sending of dangerous spam or phishing emails, or use it to start a collective attack on IT systems. You may know that already, but beware of operators changing strategies, since several large botnets have been busted recently. In addition to computers, they increasingly integrate smartphones, web servers, routers or other networked devices on the Internet of Things into the botnets. Therefore, users should consider getting the newest security software and the latest virus scanners, including firewall.
Denial-of-Service attacks: In attacks to block a service, the point is to use a web server or an Internet service to full capacity, so that it is no longer possible to access it online. To achieve this, huge numbers of data packets are sent to the appropriate server by individual computers or botnets. Actually, attacks are becoming more and more unpredictable and especially more efficient, because they strike at different places of the IT infrastructure. Hence, both the number and the power of botnets increases. Sometimes, Denial-of-Service attacks are just used as a diversionary tactic to activate at the same time malicious software and, for example, to steal sensitive information or intellectual property.
Spam: Although spam is numerically declining, it remains one of the biggest online dangers. Behind seemingly legitimate emails with invoices or information about online orders, there is often a hidden infected file or a download link for dangerous malware. Although most Internet providers have arranged for spam filters that sort out the potentially dangerous emails, Internet users should still be cautious and click neither on attachments nor on links in emails from unknown sources. The latest phenomenon is social media spam, which is distributed through social networks, apps or short message services.
Phishing: The goal is to get as much sensitive data as possible in a short time by sending faked emails that contain links to online retailers, payment services, parcel services or social networks. There, the victims then unwarily relinquish their personal information. Often, however, an undetected Trojan simply fetches the confidential information. Cybercriminals mainly target the identity of their victims in combination with the associated access to online banking or other services. Therefore using your common sense should be your top priority here: Banks and service providers, for instance, never ask their customers via email to enter sensitive information on the network. Best to delete this mail immediately. The same goes for emails with unknown file attachments or suspicious requests on social networks. Even with apparently known senders, the recipients should always critically question the content. Clues are logical weaknesses, for example, a general salutation or references to an order that was never placed.
Exploit kits: These virus-building kits are programs that allow the development of individual malicious software and practically automate cyberattacks. The programs can initiate drive-by downloads and use a variety of other distribution channels to infect computers. Typical of exploit kits are their ease of use that makes them interesting and usable for non-technical people.
Physical loss: As dangerous as attacks on IT systems is simply the loss of data carriers. Either laptops, tablets or smartphones are stolen, or their owners lose them accidentally. Primarily when traveling, equipment is consistently getting lost and only seldom it is found again, therefore, access to the devices should always be protected by secure passwords and sensitive data should be encrypted. In addition, with the appropriate tools, content can be deleted remotely as long as the device is online.
No matter how the information got lost, the consequences can be devastating, so better be safe than sorry!
By Daniela La Marca