Learn how to spot some of the threats you might encounter while browsing the web, and what to do to stay safe.
Our gateway to the digital world is the so-called web browsers. Every day, we spend endless hours on them and that is exactly why they are considered a valuable target for cyber crooks.
Over the years, web browsers have become the place where our passwords and usernames are stored to enter an account, cookies and other "juicy" information that could be an excellent attack target. Cybercriminals have the ability to remotely control our computer and gain access to the network it is connected to.
In addition, many users we may feel uncomfortable thinking that advertisers and others are accessing and tracking our personal information through the browser.
"Fortunately, there's a lot you can do to manage these risks," says Phil Muncaster from the team at global digital security firm ESET.
Let's look at some of them.
The 6 most important threats to a browser
There are many threats out there: some target browsers more directly than others. These are some of the most important:
- Exploiting vulnerabilities in browsers or plugins/extensions you may have installed. This tactic could be used to steal sensitive data or download malware. Attacks often start with a message phishing or by visiting a website that has been hacked or is controlled by the attacker (drive-by-download).
- Malicious plug-ins: There are thousands of plugins in the market that users can download to improve their browsing experience. However, many of them have privileged access to the browser. This means that malicious plugins that are faked to look legitimate can be used to steal data, download additional malware, and more.
- DNS Poisoning: DNS is the Internet's address book, which converts the domain names we type into IP addresses so browsers can display the websites we want to visit. However, attacks on the DNS entries stored by your computer or on the DNS servers themselves could allow attackers to redirect browsers to malicious domains, such as phishing websites.
- Attacks Session hijacking: Session IDs are issued by websites and application servers when users connect. But if attackers manage to crack these identifiers or intercept them (if they are not encrypted), then they could log into the same websites/apps masquerading as users. Then, it is easy to steal sensitive data and possibly financial information.
- Man in the middle attack/Browser attack: If attackers manage to get between your browser and the websites you visit, they may be able to modify traffic – for example, redirect you to a phishing page, deliver ransomware or steal connections. This is especially true when useste public Wi-Fi networks.
- Exploit web applications: Attacks such as cross-site scripting can target applications on your machine rather than the browser. In this case the browser is used to deliver or execute the malicious file.
Privacy: as everyone sees it
All of these scenarios involve malicious third parties. But let's not forget the large amounts of data that internet providers, websites and advertisers collect every day as users browse the web.
Cookies are small pieces of code created by web servers and stored by your browser for a certain period of time. On the one hand, they store information that can help make your browsing experience more personalized – for example, showing you relevant ads or ensuring that you don't have to log in every time you visit the same website. On the other hand, however, they are a privacy issue and a potential security risk if hackers get hold of the cookies.
In the European Union and some US states, the use of cookies is regulated. However, when presented with a pop-up window of options, many users simply click and accept the default settings.
How to surf the internet safely
Users can do a lot to reduce security and privacy risks while browsing the web. Some are browser specific - others are best practices that can have a positive impact. Here are some key best practices:
- Only visit HTTPS websites (with a padlock in the browser's address bar), which means hackers can't track the traffic between your browser and the web server.
- Learn about phishing to reduce the risk of browser threats transmitted via email and electronic messages. Never reply to or click on a spam email without checking the sender's details. And don't give out sensitive information.
- Think before you download apps or files. Always use the official sites
- Use a multi-factor authentication (MFA) application to reduce the impact of credential theft.
- Use a VPN from a trusted provider, not a free version. This will create an encrypted tunnel for your internet traffic to keep it secure and hidden from third parties
- Invest in security software from a trusted vendor
- Ενεργοποιήστε τις αυτόματες ενημερώσεις στο functional σας σύστημα και στο λογισμικό των συσκευών/μηχανημάτων σας
- Update your browser settings to prevent tracking and block third-party cookies and pop-ups
- Disable automatic password saving in the browser, although this will affect the user experience when logging in
- Consider using a privacy-conscious browser/search engine to minimize hidden data sharing
- Use private browsing options (eg Chrome's Incognito mode) to prevent cookie tracking
- Keep your browser and plugins up to date to reduce the risk of exploiting vulnerabilities. Uninstall outdated plugins to further reduce the possibility of attacks.
Many of the tips above are optional and depend on how strong your privacy concerns are. Some users are willing to accept a certain percentage of tracking in exchange for a smoother browsing experience.
However, security tips (such as HTTPS, automatic updates, security software) are essential to reducing your exposure to cyber threats. Happy browsing.
