4 Web Security Threats to Look Out For
Is your network sufficiently protected from web security threats? Have you been lulled into a false sense of security?
Hackers are changing their habits and using new methods which are web-based, dynamic in their nature and hidden in otherwise legitimate sites. The end-user remains the weakest link in web security as malware authors exploit this weakness to launch their attacks, preying on human interest, curiosity and behavior. Social networks are “trusted” and users rely on their IT administrator to provide protection, thereby lulling everybody into a false sense of security.
1. Exploiting news events – hackers use headline stories to trick users
Barely 24 hours had passed following the announcement of Gaddafi’s death that we started to see targeted malware being released to exploit the public’s curiosity of this big news story. Cyber-criminals will take advantage of human interest – and big world news stories as these generate a huge amount of coverage and internet activity. The same occurred when Bin Laden died and when the Royal Wedding was held – and the trend will continue. This same trick is used for Halloween and other seasonal stories; we’ve seen many of these emerge on social networking sites and others. Social engineered attacks convince users to download content supposedly related to the event that is infected with new strains of malware. Any event which is highly newsworthy and generates interest will be used to propagate malware, scams and other fraud.
2. Insecure browsers and plug-ins – using only Windows Update is not enough
Although your favorite web browser and operating system may be secured and patched, the reality is that most people do not update browser plugins. Java, Adobe Flash and Adobe Reader browser plugins are often outdated and there are many web exploits which use this weakness to infect networks. Web exploits which target these vulnerabilities specifically (such as the Blackhole exploit kit) are becoming increasingly popular in the cyber-criminal community.
3. Compromised high-profile websites and “drive-by downloads”
So how do these exploits spread? The first method is “fast-flux” sites; websites which are created solely for the purpose of distributing malware for a short time. The second way is by compromising a high profile website and injecting a “drive-by download” – a piece of code which infects a user as soon as they visit a website (there’s no need to click anything – simply visiting the website will infect the user’s machine – hence drive-by). The usps.gov website and the mysql.org website were both subjected to these kinds of attacks.
There is a third method of spreading these infections. Rather than exploiting a specific website, malware authors submit infected content to web advertising companies. This content is then passed onto thousands of websites affiliated with these advertising companies, and any website hosting these adverts will distribute malware until this code is detected. The London Stock Exchange was one website that exposed this kind of attack this year, though it was by no means the only one.
4. Search engine poisoning
End-users have grown accustomed to trust search engines. They (wrongly) believe that a renowned search engine, such as Google or Bing, would never direct them to a website which is infected with malware. But search engines do not really make a distinction between websites; they display search results according to their ranking algorithms. As a result, malware authors inundate search results with links to baited pages that take users to malicious websites which will download malware onto their computer. Since users were becoming suspicious of clicking certain types of links, this kind of search has now shifted towards image searches which are much harder to prevent.
As web threats continue to evolve, it becomes harder and harder to ignore the threat exposed by user web browsing, and as attacks continue to evolve, you need to make sure that your web browsing activity is not giving you more than you bargained for.
Have a look at what GFI WebMonitor can do for you to improve web security, or just download a free trial and give it a spin!
About the Author: David Attard
David Attard has been working in various roles in the IT Industry for more than 10 years. He currently specializes is in the Internet security space. He is Product Manager for GFI WebMonitor® at GFI Software™.
Search engine poisoning can be particularly nasty. I like to recommend that people use the search engine’s preview feature to tell if the site looks like it was legitimately crafted or just built off a template to house a bunch of ads. Is this behaviour actually safe, though?
The preview functionality is the same (or very similar to) as a normal click. If the page is poisoned, the malware could infect anyway. This is why we recommend that you implement web security software at the server level. This would ensure that the software actually prevents that page from being accessed, and thus prevents any potential infection.
That’s why it’s also VERY VERY important to update your browser’s plugins. And, instal only plugins that are from reliable authors. Stay away from those with bad and negative reviews.
In Firefox, all plugins that are available on their download page have comment sections. From here, you can see several user-generated ratings and comments about the plugin. This should serve as your gauge whether or not to install an app to your browser.
Outdated and unsupported browser plugins are also a big NO NO.
This is where we can integrate the features of both an updated browser and secure search engine – just like what Google and Firefox are doing for several years now.
These two Internet giants have a long standing cooperation before – with web security, anti-hacking, anti-spamming, anti-malware, and the likes. Even with Chrome’s introduction to the browser war, Google still did not abandon Firefox.
Not just the typical news headlines but also news regarding Hollywood celebrities, politicians, and sports stars – especially the ones involving sex scandals and nude photos. Hackers and spammers are exploiting the popularity of these media by deceiving users to click a certain link (either to view the full video, download the whole file, or stream some movie clips).
Spammers have done this a million times before. The most famous ones involved sex scandals with Hollywood celebrities such as on the cases of Paris Hilton and Kim Kardashan.