Introduction

A cyber threat, also called an online threat or web threat, is any threat that uses the World Wide Web to facilitate cybercrime. Web threats use multiple types of malware and fraud, all of which utilize HTTP or HTTPS protocols, but may also employ other protocols and components, such as links in email or IM, malware attachments, or servers that access the Web. They benefit cybercriminals by stealing information for subsequent sale and help absorb infected PCs into botnets.

Web threats pose a broad range of risks, including financial damages, identity theft, loss of confidential information/data, theft of network resources, damaged brand/personal reputation, and erosion of consumer confidence in e-commerce and online banking.

It is a type of threat related to information technology (IT). The IT risk, i.e. risk affecting has gained an increasing impact on society due to the spread of IT processes.

Delivery methods

Web threats can be divided into two primary categories, based on delivery method – push and pull. Push-based threats use spam, phishing, or other fraudulent means to lure a user to a malicious (often spoofed) website which then collects information and/or injects malware. Push attacks use phishing, DNS poisoning (or pharming), and other means to appear to originate from a trusted source.

Precisely targeted push-based web threats are often referred to as spear phishing to reflect the focus of their data-gathering attack. Spear phishing typically targets specific individuals and groups for financial gain.

Growth of web threats

The growth of web threats is a result of the popularity of the Web – a relatively unprotected, widely and consistently used medium that is crucial to business productivity, online banking, and e-commerce as well as the everyday lives of people worldwide.

The appeal of Web 2.0 applications and websites increases the vulnerability of the Web. Most Web 2.0 applications make use of AJAX, a group of web development programming tools used for creating interactive web applications or rich Internet applications. While users benefit from greater interactivity and more dynamic websites, they are also exposed to the greater security risks inherent in browser client processing.

Classification

Malicious software

An internet user can be tricked or forced into downloading software with malicious intent onto a computer. Such software comes in many forms, such as viruses, Trojan horses, spyware, and worms.

  • Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. Malware is defined by its malicious intent, acting against the requirements of the computer user, and does not include software that causes unintentional harm due to some deficiency. The term badware is sometimes used and applied to both true (malicious) malware and unintentionally harmful software.
  • A botnet is a network of zombie computers that have been taken over by a robot or bot that performs large-scale malicious acts for the creator of the botnet.
  • Computer viruses are programs that can replicate their structures or effects by infecting other files or structures on a computer. The common use of a virus is to take over a computer to steal data.
  • Computer worms are programs that can replicate themselves throughout a computer network, performing malicious tasks throughout.
  • Ransomware is a type of malware which restricts access to the computer system that it infects and demands a ransom paid to the creator(s) of the malware in order for the restriction to be removed.
  • Scareware is scam software of usually limited or no benefit, containing malicious payloads, that is sold to consumers via certain unethical marketing practices. The selling approach uses social engineering to cause shock, anxiety, or the perception of a threat, generally directed at an unsuspecting user.
  • Spyware refers to programs that surreptitiously monitor activity on a computer system and report that information to others without the user’s consent.
  • One particular kind of spyware is keylogging malware. Keystroke logging, often referred to as keylogging or keyboard capturing, is the action of recording (logging) the keys struck on a keyboard.
  • A Trojan horse, commonly known as a Trojan, is a general term for malicious software that pretends to be harmless so that a user willingly allows it to be downloaded onto the computer.

Denial-of-service attacks

A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer resource unavailable to its intended users. DDoS can also be understood as a class of attacks in cloud computing environments that is growing because of the essential characteristics of cloud computing.

Phishing

Phishing is an attack which targets online users for extraction of their sensitive information such as username, password and credit card information. Phishing occurs when the attacker pretends to be a trustworthy entity, either via email or web page. Victims are directed to fake web pages, which are dressed to look legitimate, via spoof emails, instant messenger/social media or other avenues. Often tactics such as email spoofing are used to make emails appear to be from legitimate senders, or long complex subdomains hide the real website host.
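A link checker can counter the long-subdomain trick described above by reducing each URL to the domain that was actually registered. The following is an added example, not part of the original article; the brand name, the suffix set, the threshold and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: tiny stand-in for the Public Suffix List, which real code should use.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}
# Assumption: hypothetical brand and the registrable domains it really uses.
TRUSTED = {"examplebank": {"examplebank.example"}}
MAX_SUBDOMAIN_LABELS = 2  # assumed threshold; tune against your own traffic


def registrable_domain(host):
    """Return the part of the host that someone had to register."""
    labels = host.lower().rstrip(".").split(".")
    keep = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-keep:])


def analyse(url):
    """Report the real host behind a link and why it may be deceptive."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    reg = registrable_domain(host)
    sub_labels = host.split(".")[: -len(reg.split("."))]
    findings = []
    for brand, domains in TRUSTED.items():
        # Brand text appears in the host, but the registered domain is not the brand's.
        if brand in host and reg not in domains:
            findings.append(f"brand '{brand}' outside its own domain")
    if len(sub_labels) > MAX_SUBDOMAIN_LABELS:
        findings.append(f"{len(sub_labels)} subdomain labels")
    return {"registrable": reg, "findings": findings}


# Constructed sample links (reserved .example/.test names, not real sites).
SAMPLES = [
    "https://www.examplebank.example/login",
    "https://www.examplebank.example.signin.account-verify.attacker.test/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", analyse(link))
```

Showing the registrable domain next to the link text, as mail gateways and some browsers do, makes the mismatch visible even when the full host name is too long to read.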

Application vulnerabilities

Applications used to access Internet resources may contain security vulnerabilities such as memory safety bugs or flawed authentication checks. The most severe of these bugs can give network attackers full control over the computer. Most security applications and suites are incapable of adequate defense against these kinds of attacks.

A very common and widespread web-browser application vulnerability is the so-called Cross-Origin Resource Sharing (CORS) vulnerability. For maximum security and privacy, make sure to adopt adequate countermeasures against it.
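One such countermeasure on the server side is to answer cross-origin requests only for an exact allowlist of origins instead of echoing whatever `Origin` header arrives. This is an added example, not from the original article; the origins and function names are hypothetical.

```python
from urllib.parse import urlsplit

# Assumption: hypothetical origins this site intentionally shares data with.
ALLOWED_ORIGINS = {"https://app.example.test", "https://admin.example.test"}


def cors_headers_weak(origin):
    """Misconfiguration: echoes any Origin and allows credentials."""
    return {"Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true"}


def normalise(origin):
    """Return https://host[:port] for a well-formed origin, else None."""
    parts = urlsplit(origin or "")
    try:
        port = parts.port
    except ValueError:  # non-numeric or out-of-range port
        return None
    if parts.scheme != "https" or not parts.hostname or "@" in parts.netloc:
        return None
    if parts.path or parts.query or parts.fragment:
        return None
    return f"https://{parts.hostname}" + (f":{port}" if port else "")


def cors_headers_strict(origin):
    """Hardened form: exact match against the allowlist, never a substring test."""
    normalised = normalise(origin)
    if normalised not in ALLOWED_ORIGINS:
        return {}  # no CORS headers, so the browser blocks the cross-origin read
    return {"Access-Control-Allow-Origin": normalised,
            "Access-Control-Allow-Credentials": "true",
            "Vary": "Origin"}  # keeps caches from reusing one origin's response


if __name__ == "__main__":
    # Constructed Origin header values.
    for value in ("https://app.example.test",
                  "https://app.example.test.attacker.test", "null"):
        print(value, "->", cors_headers_strict(value))
```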

Prevention and detection

Conventional approaches have failed to fully protect consumers and businesses from web threats. The most viable approach is to implement multi-layered protection—protection in the cloud, at the Internet gateway, across network servers and on the client.