What Am I Defending Against Online? (5 Online Attacks You Need To Know About)

The chances are if you’re reading this you’ve encountered sypware, malware, viruses, or ‘hackers’ before. We are all told to keep our firewalls and antivirus up to date but how many of us actually know what we are defending against though?

internet_security

I read an interesting article lately entitled 10 easy ways to boost your online security. A great starting point if you want to get to know the basics of a good internet security practice. What I think the article fails to mention is what I consider the biggest asset to any avid computer user – know your enemy. It’s a concept dating back thousands of year past computer security and politics to war and tyranny, popularised by Sun Tzu in the art of war and used as a common strategy in almost any security company today. If you don’t know what you are defending against how can you defend effectively?

If you don’t know much about computer security the following terms may seem foreign to you but hopefully you’ll be able to get a better appreciation for what is out there. Below is a discussion of the 5 most common online attacks a normal user will encounter.

XSS (Cross Site Scripting)

One of the most common online attacks encountered is something called Cross Site Scripting. Cross Site Scripting is when a website has a vulnerability that allows someone to put malicious code (HTML, Javascript) into a non-malicious and trusted website. According to CSO almost 68% of sites out there are open to this type of attack.

There are two main XSS attacks you should be wary of – non-persistent and persistent attacks. A non-persistent attack is when a site has a vulnerability that allows someone to display code in a website where it isn’t meant to be displayed. An example could be using a site that has a search function to inject HTML into the search results. At first glance it doesn’t seem to be that much of a problem but what if I injected HTML code that contained a known Internet Explorer vulnerability that installs a virus on your computer? Say this flaw existed on say a Microsoft website? What that means is I can now send out URLs to a trusted website that in fact now performs a malicious activity.

A persistent attack works the same way as above but is when a vulnerability exists in information stored online. For example when you submit a comment on a blog/social networking site/forum if a vulnerability exists in this system your malicious code will be stored on that site for anyone who accesses it to see. Whenever someone views your comment they will run your malicious code. A trusted website performing a malicious activity.

Viruses and Worms

Viruses and Worms are so similar in structure they can be thrown in the same category. Viruses are generally malicious programs designed to cause harm to a victims computer either through disrupting regular use or destroying files. Viruses usually distribute by infecting files on a target computer which may be sent to other computers. Worms on the other hand are malicious programs designed to seek vulnerabilities on other computers on your network and attempt to take advantage of the vulnerability to distribute.

A common misconception about both viruses and worms is that just by viewing an email you’re infected. While this can be true it doesn’t really tell the full story. All software needs to be activated to run. If you want to start an application you need to first double click it to ‘run’ or activate it. Applications already running can make other applications start as well. An application can’t just ‘magically’ start – nor can a virus. For a virus to just start it will need to take advantage of a vulnerability in your email software, such as using an XSS attack in an email sent to a hotmail account or a vulnerability in your Outlook software which is a lot more complex to accomplish.

Trojans

Trojans are similar to Viruses in that they are applications but, aptly named after the Trojan horse, they are actually malicious programs hidden in trusted software. Generally trojans will inject themselves in to applications and will install themselves at the same time you are installing some legitimate software. Many viruses and worms create trojans in applications already on your computer, injecting themselves into your other applications in case you distribute these to friends.

‘Hacking’

Hacking is one of these buzzwords that gets thrown around a lot but most people don’t understand what it means. Now i’m not going to bore you describing the difference between ‘hackers’, ‘crackers’ and ‘script kiddies’ and how who most people think are ‘hackers’ are actually ‘crackers’. What I am going to discuss is a general definition and that is of someone, not a computer or computer program, attempting an unauthorized visit to your computer with malicious intent. There are many ways someone may attempt to access your computer without resorting to viruses, xss or other attacks. Most people seem really paranoid about someone ‘hacking’ into their computer but to be honest I would draw attention to something I would call the law of malicious ‘hacking’.

A person attempting to access a computer in an unauthorized fashion will only continue such an attempt as long as the amount of effort required match’s the reward obtained

What basically is illustrated above is for the average ‘hacker’ it is way too much effort and too little a reward for hacking into an average joe’s computer. Let’s face it – you don’t actually have anything that is valuable to anyone and if you do you probably have a team of security experts making sure you don’t leave it hanging around on your home computer. This is a subject that could require a whole book on to discuss further but if your interested in discussing ‘hacking’ attacks further (DoS, remote access, software vulnerabilities, etc) comment away below.

Social Engineering

Everyone has heard of those Nigerian email scams but what most people don’t realise is this is an example of social engineering. Social engineering is basically the art of getting access to information you want my manipulating people. Why hack into someones computer and try to steal the password to their online banking when you can just ring them up and pretend to be from the bank and ask them for it? Social engineering has become one the biggest problems online today and is something your antivirus or firewall will be able to defend against. Be vigilant.

These are just a small selection of what’s out there in the world of internet security and while most people seem happy with just a virus scanner I would say the most important thing is a bit of knowledge. If you keep in mind whats out there and use a bit of common sense you shouldn’t have too much problems. Just remember not to give out your credit card information online anytime soon.

Creative Commons LicenseWhat Am I Defending Against Online? (5 Online Attacks You Need To Know About) by Marc Loney is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 2.5 Australia License.

Advertisements

About this entry