What is a “web-based” attack? How do they happen, and how are they prevented? What effect do they have on my computer? My firm’s sensitive information? Should I care?
Let’s answer some of these questions, shall we?
Have you ever been surfing the web when all of a sudden, a screen popped up that said your computer was infected? Were you surprised when it knew your IP address? Or that it was smart enough to know what browser you were using? Did it give you a phone number to call or tell you to click a link for remote support?
What about this: You’re cruising along, minding your own business, and decide you want to visit a perfectly legitimate website. Nothing bad about that, right? But you misspelled the domain name by one letter, or maybe you “googled” it and clicked on a link that you thought was perfectly harmless. Either way, you ended up somewhere that you aren’t supposed to be and you know it because you see a warning: “Deceptive site ahead”.
Are these warnings real? Do you click the link and hope for the best? Do you turn off your computer, unplug it from the network, disable your wi-fi, and put a sign on it warning others not to use it? Do you set the thing on fire and walk away?
If you’re like me, the more you hear about ransomware attacks and data being stolen, the more you want to stay as far away from the internet as possible. But since business can’t get done that way, we have no choice but to face the threats, and believe it or not, we can all do our part.
So what is a web-based attack?
A web-based attack is an attack in which a hacker infects a website with malicious code (a virus, for example) which can automatically download to your computer without you even knowing it. Once downloaded, the virus allows the author of the virus to remotely control your device, steal password information, or even infect other computers.
According to Verizon’s 2016 Data Breach Investigation Report, which is based on real-world investigations and reports of over 100,000 security incidents, web based attacks account for a whopping 50% of cyber attacks. It is the number one way data gets stolen and that’s why you should care!
“Wait, you mean viruses aren’t just attached to emails?”
Sadly, that’s what I’m saying. In today’s world, threats lurk in every corner of cyber space, from email to social media to websites – and even mobile apps! They disguise themselves, they hide themselves, and they never have good intentions.
To learn more about threats and how you can do your part read this article from the FTC: Tech Support Scams — Tells what to do if you get a pop-up, call or any other urgent message about a virus on your computer.
And if you’re serious about surfing the web and protecting your firm’s data, Ntrepid’s secure isolated web browser, Passages, is made for doing just that. Passages will isolate itself from your computer, it can make your location anonymous, and it can protect your firm from web-based attacks.
If you’re interested in learning more about Passages, you can contact me directly. If you’re interested in learning more about what hackers are going to do with your data once they steal it, stay tuned for my next article.