The most common online security threatsOct 14, 2019 · 6 minutes
As a huge majority of people and businesses today have an online presence, it is not surprising that many people are looking to unethically exploit this for their own personal gains. So, being aware of all the common online security threats is very important for anyone who’s looking to survive on the world wide web. With that in mind, we’ve prepared this article that should keep you informed. Read on to learn more.
The first of the common online security threats that we’ll discuss is comprised of several different threats that are collectively known as malware. Basically, any software that’s designed as a way to endanger your system’s security is referred to as malware. If you want to steer clear of malware, it’s useful to use anti-malware software. Also, you can monitor your website to keep it safe with specialized website maintenance services. There are a few kinds of malware. We’ll explain briefly which are the most important ones and how they operate.
1. Computer virus
The most famous of all the common online security threats are computer viruses. This malicious software can be harmful in several ways. Viruses can steal personal information and other data from your system, including your passwords. They can automatically send spam messages, they might change your security settings (or disable them altogether), and they might even delete all the data from your system. Usually, viruses are distributed as a seemingly normal email attachment or an executable file that’s put up for download. They are designed to be contagious and to keep infecting other files on your system. Regular users are more likely to be struck by this form of malware than all other kinds of malware.
2. Trojan horse
A Trojan horse is among the most dangerous types of security threats today. Named after the legendary wooden horse that the ancient Greeks used to infiltrate Troy, this malware does something similar. Namely, a Trojan horse malware is hidden under the mask of a seemingly useful program. Once you install this program, a Trojan horse infiltrates your system, usually in the form of keylogger software. This kind of software notes everything you type, and then sends that information back to the attackers. Banking details, passwords, credit card information - all of that and more is at risk if a Trojan horse gains foothold inside your system.
3. Adware and spyware
Adware is the kind of malware designed for marketing purposes. Namely, without your knowledge, adware gathers data about you, noting the websites you visit and then displaying intrusive ads in a similar vein. It may alter your search engine preferences and overwhelm you with endless pop-up suggestions on ways to solve non-existing problems on your system. Spyware functions similarly to adware, only with some advanced features. Namely, spyware can also gather data such as passwords and credit card data. While this data is usually only used for marketing purposes (unlike what viruses and Trojan horses do), this is still a harmful violation of privacy.
DoS and DDoS attacks
DoS and DDoS attacks (short for a distributed denial-of-service attack) will completely flood a website with traffic, so much that it won’t be able to function at the time. These things can happen normally too, without an online attack, if a website server faces more traffic than it can withstand (for example, the website of a company that has just launched an extremely popular product). However, in many cases, this is done intentionally, as a way to harm a specific company.
In the past, DoS attacks were more common, but as they were made easier to handle with advancements in technology, cybercriminals needed to come up with a more sophisticated approach. The difference between DoS and DDoS attacks is that DoS attacks are carried out by one computer only, making them largely impotent today. However, by using malware to secretly gain control of their victims’ computers, the attackers will launch a DDoS attack from a lot of different machines, often from all around the world. This makes them very dangerous and hard to defend against.
Phishing is a fraudulent method of obtaining personal information (again, the most important ones being your credit card and banking details, passwords and usernames) by trying to emulate a trusted website or an individual via email. For example, you might get an email supposedly from your bank, asking you to submit personal information. In the event of a phishing attack, this email will be fake, designed so as to look like it was sent by your bank.
Phishing attacks go so far as to emulate the entire website too! Luckily, you can spot a fake website by a similar, yet slightly different address, or links on the page that don’t actually lead anywhere.
A man-in-the-middle (MitM) attack works by stealthily inserting the attacker in the middle of a private conversation. This is a form of online eavesdropping. It can be done easily if your Wi-Fi is insecure, or by using malware to install specific software. One example of a MitM attack begins when one person (we’ll call her Alice, as it is common in cryptology) initiates the conversation by sending her public key to another person (we’ll call him Bob). The attacker, who infiltrated the conversation before it even began, will intercept this message, possibly make some changes, and then send it to Bob, while also including the attacker’s public key. When Bob responds, the attacker will intercept this message too, and re-encrypt it with the public key that Alice had originally used. In this scenario, neither Alice nor Bob will be able to tell that something strange is going on, as they will be both receiving messages with what appears to be a legitimate public key, allowing the attacker to eavesdrop and even create a forged conversation.
SQL injection attacks
The last of the common online security threats that we’ll deal with today is SQL (structured query language) injection attacks. Many websites store their data on servers that use SQL. By inserting malicious code on such servers, the attackers are able to extract confidential information. This online threat is among the greatest security threats when it comes to breaching data confidentiality. Private information can be stolen, altered or destroyed, and website transactions can be voided. Simply by inserting malicious code into an inadequately protected website search field, the attackers can insert a dangerous SQL injection and gain access to data that should have been confidential.