Internet safety: what you need to know and what to watch out for

The web browser is the most popular application we use. It helps us to “surf” – to visit various sites on the Internet, following hyperlinks. That is why it is the “No. 1” target for cybercriminals.

Over time, browsers have become what we think are secure places to store passwords and usernames for accessing an account, as well as cookies and other information that can be an excellent target for attack. Cybercriminals can remotely control our computer and access the network it is connected to.

Often, users are uncomfortable with the idea that advertisers, for example, can access and monitor their personal information through the browser. According to ESET, one of the world’s leading cybersecurity companies, six of the most important of all existing threats to a web browser can be identified:

1. Vulnerabilities. Attackers can exploit vulnerabilities in browsers or installed plugins/extensions. In this way, malware is installed or confidential data is stolen. At the same time, attacks by cybercriminals often begin with a phishing email or with a visit to a hacked and controlled site (drive-by-download).
2. Malicious plugins. There are thousands of different plug-ins on the market that can improve the user experience on the Internet. But many have privileged access to the browser. That is, seemingly legitimate plugins are actually malicious and can be used to download malware, steal data, and many other dangerous annoyances.
3. DNS cache poisoning. DNS can be called the address book of the Internet. It converts the domain names we enter into IP addresses so that the browser will display the desired websites. Attacks on DNS records that are stored on a computer or on DNS servers allow criminals to change the “path” to malicious domains, such as phishing sites.
4. Session hijacking attacks. When users connect, websites and application servers issue session IDs. In the event that attackers manage to crack or intercept these credentials (if they are not encrypted), they can enter the same sites / applications under the mask of users. And then it becomes extremely easy to steal confidential data and, quite possibly, financial information.
5. “Man in the middle” / attack on the browser. This interference is most often used when using public Wi-Fi networks. If attackers manage to wed themselves between your browser and the sites you visit, they can change direction – redirect to a phishing page, steal a connection, or deliver ransomware.
6. Application use. Cross-site scripting may not be directed at the browser, but at applications on your computer. In this case, the browser is used to deliver or execute a malicious file.

The above scenarios involve cybercriminals. But then there are advertisers, websites and providers that collect huge amounts of data when the user “walks” through the pages of the Internet. And this happens every day.

In this case, we are talking about cookies – small pieces of code generated by web servers and stored by the browser for a certain period of time. On the one hand, they are useful – they store information that makes browsing more personal – for example, they guarantee that the next time you visit a particular site, you do not have to log in again. But on the other hand, cookies pose a privacy problem and, if hackers manage to get hold of the files, carry a potential security risk.

AT EU and the US (in some states) the use of cookies is regulated. However, most users, when a pop-up window with options appears, accept the default settings.

Safe Surfing – Safety Tips:

1. When visiting websites, pay attention to the obligatory presence of a padlock (HTTPS) in the address bar – it means that hackers cannot monitor the traffic between your browser and the web server.
2. Learn more about phishing – the information will help you reduce the risk of browser threats that are transmitted via email and messages. Set a rule for yourself: never reply to spam or open a received email without checking the sender’s details. And, importantly, do not disclose confidential information.
3. Download applications or files only from official sites.
4. Use a Multi-Factor Authentication (MFA) app to reduce the chance of credential theft.
5. Not a free version, but only a VPN from a reliable provider – this should become law. This solution will create an encrypted tunnel for your Internet traffic, ensuring its security and hiding from third parties.
6. Make sure the security software you purchase is from a trusted vendor.
7. Do not turn off automatic updates for your operating system and software on devices.
8. Update your browser settings to prevent tracking, block third-party cookies, and block pop-ups.
9. Between comfort and security, choose the latter and turn off automatic password saving in the browser.
10. Consider using a privacy-conscious browser/search engine to minimize hidden communications.
11. Use private browsing options (such as Chrome’s incognito mode) to prevent cookies from being tracked.
12. Update your browser and plugins to reduce the risk of exploiting vulnerabilities. To minimize the chance of hacker attacks, remove outdated plugins.

Some of these recommendations are optional, depending on your level of privacy concerns. Many users are willing to accept a certain percentage of tracking in exchange for a smoother browsing experience. But security tips – automatic updates, HTTPS, security software – should not be ignored, these actions are necessary to reduce your exposure to cyber threats.

Source link