• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • About
    • Secure360
    • UMSA
    • Get Involved
  • Events
    • Secure360 2021
    • Student360
    • Past Events
      • 2020 Secure360 Twin Cities
      • 2020 Student360
      • 2019 Secure360 Twin Cities
      • 2019 Student360
      • 2018 Secure360 Twin Cities
      • 2018 Secure360 Wisconsin
      • 2018 Student360
      • 2017 Secure360 Twin Cities
      • 2017 Student360
      • 2016 TC Secure360 Conference
      • 2015 Secure360 Conference
      • 2014 Secure360 Conference
      • 2013 Secure360 Conference
        • 2013 Secure360 Conference Speaker Presentations
      • 2012 Secure360 Conference
  • For Sponsors
    • Secure360 Twin Cities
    • Student360 Sponsors
  • For Speakers
    • Secure360 Speaker Details
    • Student360 Speaker Details
  • Blog
  • Nav Social Menu

    • Facebook
    • LinkedIn
    • Twitter
    • Vimeo

Secure360

3 most common online attacks

November 12, 2015 by Secure360 and UMSA

common online attacks

Copyright: 123rf/ximagination

A week or so ago, we talked to you about common social media cyber scams and attacks. Today, we want to cover more broadly, the most common online attacks. Last year alone, online computer hackers infiltrated and exposed the personal information of 110 million Americans – almost half of the U.S. adult population. The goal is to raise awareness of the variety of online attacks that individuals are susceptible to when they are using and navigating the web. Here is a list of the 3 most common online attacks and how to prevent them:

Trojan horse files

Socially engineered Trojans provide the number 1 method of online attacks. An end-user browses a website that is usually trusted, but it prompts him or her to run a Trojan. More often than not, the website is a legitimate, innocent site that has been temporarily compromised by hackers. The Trojan file is created by combining a benign file with a malicious file. The user usually sees an attractive file, such as a game, screensaver, browser plug-in or admin utility, but the benign file is used to host the malicious download. The user is fooled into thinking the only item being received is that of the website host. Once the host file is opened, the malicious file is secretly delivered to the system.

Prevent it: Users should always be extra cautious when accepting files from outside sources, by seeking out the original provider or vendor of a file rather than use an intermediary file host, exchange or distribution service. Avoid the use of peer-to-peer file sharing services, don’t open email attachments from unknown sources and don’t use portable storage devices that may have come in contact with unknown systems. The best protection against Trojan files is to avoid exposure to potentially compromised host files.

Unpatched software

Unpatched client software and vulnerable Internet-facing websites are serious cybersecurity risks for businesses. These attacks exploit client-side vulnerabilities in commonly used programs such as Java, Adobe PDF Reader, QuickTime, Adobe Flash and Microsoft Office. Some of these attacks come in the form of a prompt to download documents from a trusted site, but others do not even require the user to open documents. Simply accessing an infected website is all that is needed to compromise the client software.

Prevent it: Stop what you’re doing and make sure your patching is perfect and all your software is updated. At the least, make sure your top most exploited products, including Java, Adobe, browser admins, OS patches, and more have been updated. Better patching and program updates are a great way to decrease risks.

Phishing attacks

In August 2015 it was reported that the percentage of spam in email traffic accounted for 53.4%. Antispam vendors have made great strides, lowering the amount of spam from almost 70% of your inbox just two years ago, so most of us have reasonably clean inboxes. Regardless, you still likely receive several spam emails each day, and a least a few of them are phishing attacks. Effective phishing e-mails look like legitimate sources, often even warning the reader not to fall for fraudulent emails. The only thing that gives them away is the rogue link asking for confidential information.

Prevent it: We’ve talked about it before—your employees click everything, and maybe you’re guilty of it too. There are various types of phishing attacks that are used by cybercriminals, and the best chances of decreasing risk from phishing attacks is mostly accomplished through better end-user education and anti-phishing tools.

Unfortunately, these are just 3 common ways that cyber criminals are targeting users online. One of the best forms of defense from online attacks is for users to remain educated on the types of attacks that they may be vulnerable to. Users should invest time and money defending and educating themselves against the threats available online.

Filed Under: Business Continuity Management, Cybersecurity, Risk and Compliance

About Secure360 and UMSA

The Secure360 and UMSA team is made up of professionals in the security and risk management industries. Topics of expertise range from physical security, IT, risk management, cybersecurity, cloud, information security and records management.

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Categories

  • Uncategorized
  • Guest Posts
  • Business Continuity Management
  • News and Events
  • Physical Security
  • Cybersecurity
  • Professional Development
  • Risk and Compliance

latest tweets

  1. Secure360 Conference
    Secure360 Conference: We are honored to be listed on the Top 20 Cyber Conferences for 2021 -> https://t.co/MnrQ3E5ifw
    about 1 day ago

  2. Secure360 Conference
    Secure360 Conference: Fascinating stuff about the shift from brick & mortar to e-commerce, from Diamond Sponsor @cisco! https://t.co/4GaYGQKZ1a
    about 3 days ago

  3. Secure360 Conference
    Secure360 Conference: Seize the opportunity in the post-covid world to create a DevSecOps culture. Read how in a blog post by #Sec360 Gol… https://t.co/Hk5HrDRtcP
    about 3 days ago

Footer

Contact

For more information about UMSA events, contact: Marie Strawser

Email List Signup

Join our email list for monthly Secure360 news and updates!




Join our tradeshow email list for updates on sponsorship opportunities and upcoming exhibitor deadlines.

Sponsored by:
© 2021 Secure360. All rights reserved.