A week or so ago, we talked to you about common social media cyber scams and attacks. Today, we want to cover the most common online attacks more broadly. Last year alone, online computer hackers infiltrated and exposed the personal information of 110 million Americans – almost half of the U.S. adult population. The goal is to raise awareness of the variety of online attacks that individuals are susceptible to when they are using and navigating the web. Here is a list of the 3 most common online attacks and how to prevent them:
Trojan horse files
Socially engineered Trojans are the number 1 method of online attack. An end-user browses a website that is usually trusted, but it prompts him or her to run a Trojan. More often than not, the website is a legitimate, innocent site that has been temporarily compromised by hackers. The Trojan file is created by combining a benign file with a malicious file. The user usually sees an attractive file, such as a game, screensaver, browser plug-in or admin utility, but the benign file is used to host the malicious download. The user is fooled into thinking the only item being received is that of the website host. Once the host file is opened, the malicious file is secretly delivered to the system.
Prevent it: Users should always be extra cautious when accepting files from outside sources, seeking out the original provider or vendor of a file rather than using an intermediary file host, exchange or distribution service. Avoid the use of peer-to-peer file sharing services, don’t open email attachments from unknown sources and don’t use portable storage devices that may have come in contact with unknown systems. The best protection against Trojan files is to avoid exposure to potentially compromised host files.
Unpatched software
Unpatched client software and vulnerable Internet-facing websites are serious cybersecurity risks for businesses. These attacks exploit client-side vulnerabilities in commonly used programs such as Java, Adobe PDF Reader, QuickTime, Adobe Flash and Microsoft Office. Some of these attacks come in the form of a prompt to download documents from a trusted site, but others do not even require the user to open documents. Simply accessing an infected website is all that is needed to compromise the client software.
Prevent it: Stop what you’re doing and make sure your patching is perfect and all your software is updated. At the least, make sure your most exploited products, including Java, Adobe, browser admins, OS patches, and more, have been updated. Better patching and program updates are a great way to decrease risks.
Phishing attacks
In August 2015 it was reported that spam accounted for 53.4% of email traffic. Antispam vendors have made great strides, lowering the amount of spam from almost 70% of your inbox just two years ago, so most of us have reasonably clean inboxes. Regardless, you still likely receive several spam emails each day, and at least a few of them are phishing attacks. Effective phishing e-mails look like they come from legitimate sources, often even warning the reader not to fall for fraudulent emails. The only thing that gives them away is the rogue link asking for confidential information.
Prevent it: We’ve talked about it before—your employees click everything, and maybe you’re guilty of it too. There are various types of phishing attacks that are used by cybercriminals, and the best chance of decreasing risk from them comes mostly from better end-user education and anti-phishing tools.
Unfortunately, these are just 3 common ways that cyber criminals are targeting users online. One of the best forms of defense from online attacks is for users to remain educated on the types of attacks that they may be vulnerable to. Users should invest time and money defending and educating themselves against the threats available online.