Learn about the most prevalent online attacks and how to take preemptive action to protect yourself and your data
As technology has evolved, so have cyber threats. Hackers can target individual devices and compromise the security of personal data and information such as passwords, account numbers, and even medical records. The destructive results could be identity theft, leaked company secrets, a destroyed credit score, or drained bank accounts. In the era where all information is stored and transmitted online, it can be easy for attackers to steal your personal data.
HTTP works as a request-response action between the browser and server. For example, a request is sent to a server when you click on a search engine result, and the response back to your browser directs you to the correct page. HTTP injection attacks occur when an attacker intercepts the response from a server and injects malicious code. This can result in data loss or corruption, downloaded malware, or even device takeover. HTTP injections can also be an easy “in” to a device or network, allowing a hacker access to perform more damaging tasks.
A man-in-the-middle attack consists of a victim, an entity the victim would like contact with, and the attacker. The attacker inserts themselves between the victim and the entity with the intention to steal personal information such as login credentials, or bank account and credit card numbers. Typical methods of MITMs include phishing attacks, stealing browser cookies, and identifying saved login information.
HTTPS functions the same as HTTP in its request-response protocol, but is more secure due to request encryption through SSL. SSL stripping entails removing the web page encryption offered by HTTPS. When a web browser first comes in contact with a server, there is a redirection to the secure HTTPS. During this brief gap before encryption, attackers can intervene to demote HTTPS to the more vulnerable HTTP. The attacker will then continue to establish an HTTPS connection between himself and the server, and an unsecured HTTP connection with the user, acting as the “man-in-the-middle” between them with access to your data.
Entering a website using an unsecured network allows the attacker to use the weak network to latch onto the packets of information between you and the site you are trying to connect to in a process known as packet sniffing. Any stored cookies will be stored by the hacker as well, including passwords to important online accounts.
Fake Wi-Fi hotspots
It is easy for an attacker to set up a hotspot to look reputable, such as naming it ‘Starbucks’ inside of a coffee shop, or giving it an identical name to a network you frequently use. When users connect to this fake Wi-Fi hotspot and start transmitting data, all that information is immediately delivered to the hacker.
Armed with the right tips and tricks, you can avoid each of these cyber attacks and ensure the safety of the websites that you visit.
How a VPN can help
A VPN can be your best friend in staying protected from cyber attacks. VPN stands for virtual private network, and connects remote sites or users through a public network, most commonly the internet. By routing the internet through your chosen private network server, the VPN hides your personal IP address, encrypts data, and protects your identity. With all information encrypted from Point A (you) to Point B (the intended location), any data intercepted by attackers is unreadable. This allows a secure connection over both public and private networks.
About Avast SecureLine
Avast SecureLine VPN creates a tunnel of powerful encryption, so no one can see what you’re doing. SecureLine brings worry-free, secure online browsing to computers and mobile devices on both public and private networks. SecureLine also monitors data traffic to detect any potential threats such as an unsecured network or potential attacker lying in the data stream, and recommends turning on VPN services. Now that you know the dangers of public networks and unencrypted data, it’s time to protect yourself and your information.
In order to protect our loved ones and our communities during the holiday season, we've put together a list of seven creative and heartfelt tips on how to host a virtual holiday this year.
This week's Privacy Refresh is all about Instagram. Here are a batch of daily tricks to protect your privacy while using this popular platform.
Reviewing Tanya Janca's "Alice and Bob Learn Application Security", which is both a crash course in app security for newbies as well as a refresher for those that have been doing the job for a few years.