Maysun In C

Articles - Technology

Types of Web Security Threats

Sonal Panse,

Growth of Threats to Web Security

With an online presence becoming more and more of a necessity for individuals and companies, there has been a corresponding spike in security challenges threatening personal, business, and financial well-being. Scamsters gather where the richest and easiest pickings are to be found, and the web, with its widespread scope, is an excellent hunting ground. It is a flawed perception that only public personalities and large companies are at main risk; if you are on the web, you are a potential target, and you are likely to experience various web security threats, either in the form of links and attachments via email, instant messaging, and social media, or in the form of malware from infected websites.

Reasons for Threats to Web Security

One of the most common reasons that a website may come under attack is because it has data that, if accessed, can be sold to third parties for a profit. Government and corporate websites have to continually upgrade their security systems and remain vigilant to protect their confidential information from being thrown open to enemy states or competitors.

Websites may also be attacked and defaced by hackers seeking to make political or social statements. As the lines blur between offline and online existences, so does the gap between actual and virtual warfare.

Malicious intent is another reason. Why some human beings thrive on causing disruption, harassment, and mayhem is an entirely different discussion, but the fact is that the anonymous nature of the web facilitates the execution of their nefarious activities.

Then there are hackers for whom it is simply a matter of prestige to be able to breach high security sites, just to show the sacred cows that it can be done and nothing is invulnerable. An analogy to rabid mountaineers comes to mind. What is the point of scaling that vertical cliff? The point is the point.

What is at stake?

In the early days of the web, it wouldn't have mattered so much if your website got hacked; it would have been an inconvenient hassle, of course, but not really a life-affecting event. It is different in the present time, since a huge amount of data that does affect not just personal, but also national and international interests, is being stored online. It is possible now for someone to find all your relevant personal and business details, and to use these against you to steal your identity, to execute frauds, to damage your reputation, and to steal your money. On a larger scale, such data thefts could bring about enormous havoc on the financial, commercial, and political fronts, possibly leading to a breakdown of the economy and to an endangerment of public security.

Types of Web Security Threats

Web security experts categorize threats into two broad types, the ones that require some interaction from the users and the ones that only require the users to show up.

The first, also termed as push-based threats, include spam (fake emails with links to down-loadable malware or fake sites that might install the malware), phishing (fake websites that collect personal information), and pharming (fake DNS entries that take you to a fake web address).

The user is lured into divulging personal information by fraudulent messages promising gifts, prizes, lottery wins, and a few millions belonging to foreign governments, or is directed to spoofed websites that ask the user to enter his or her data and/or install malware in the user's device that does the necessary data gathering without further inconveniencing the user.

Sometimes the push-based attacks can be personalized. The hackers will study their potential prey for some time, noting their online behavioral patterns and gathering the information they make available, and they will then formalize an attack plan based on this, coming up with baits that are most likely to entrap that particular user. With singular originality, this has been dubbed as spear phishing.

In all these cases, the attacker plays on human greed for easy, undeserved fame and fortune, and human susceptibility to authority (as in clicking when a well-known celebrity or a high-end company sends them a personal message that says click here), to interesting, topical, and breaking news, and to titillating scandals. Without the user clicking on these seemingly innocuous links, these threats would not work.

But even if you take all precautions to not access messages, links, or attachments from unknown or suspect sources, you still have to contend with what security experts refer to as drive-by downloads, where just being online at the moment of the attack or visiting an infected site can compromise you. In such instances, the malware can be automatically downloaded on your device.

What can be done to ensure web security

Limit the amount of personal information that you put online. While this is getting difficult with everyone trying to build their 'personal brand', do try and find a sensible balance. Do not make life easier for the hackers by using your well-blogged pets' names for passwords, by mentioning where you keep the family silver, and by bragging about being at an exotic locale and therefore not at home (the address of which, also, you have conveniently provided). Some people want to be 'open, because we have nothing to hide', but this is not a smart idea. Privacy is a good, old-fashioned virtue to cultivate. Are the hackers being open with you and divulging their plans to loot you? No. So it might be wiser to be reticent too about presenting them with the keys to your kingdom.

Do not click on links promising you what you don't deserve. If it is too good to be true, it probably isn't true. There is a famous cliché that says 'Nothing is Free'. That is true.

Update your anti-virus and firewall programs.