Top 10 Internet Security Threats

Computers and the Internet has become a very important part of our lives. It eases the tasks of our daily life in every way. Whenever we use the Internet for any purpose, we also have some confidential information in it, which we never want to make public, whether we talk about any social media or whether we are in any of our Business. In all these, you have to keep some of your personal information limited to yourself.

If the information of any of these systems gets leaked or someone steals your personal information, then you can suffer a lot of damage. Therefore, Internet Security is very important to avoid any kind of loss or fraud on the Internet.

1. Firewall and System Probing

Hackers are using sophisticated, automated tools to scan for vulnerabilities of a company’s corporate firewall and systems behind the firewall. These hacker tools have proved to be quite effective, with the average computer scan taking less than 2-3 minutes to identify and compromise security.

Companies can prevent this by ensuring that their systems sit behind a network firewall and any services available through this firewall are carefully monitored for potential security exposures.

Here is a list of the best Next Generation Firewalls:

• Perimeter 81 FWaaS
• Fortinet FortiGate (7000 series)
• Forcepoint NGFW
• Palo Alto Networks PA Series
• Juniper Networks SRX Series
• SonicWall Next-Generation Firewall TZ Series
• Barracuda CloudGen Firewall
• Cisco FirePOWER Series
• Sophos XG Series

2. Network File Systems (NFS) Application Attacks

Hackers attempt to exploit well-known vulnerabilities in the Network File System application, which is used to share files between systems. These attacks, usually through network firewalls, can result in compromised administrator access.

To combat this, ensure systems do not allow NFS through the firewall, and enable NFS protections to restrict who can access files.

3. Electronic Mail Attacks

Hackers can compromise network systems by simply sending an e-mail to it. Companies who accept e-mail from the Internet and who have exposed versions of the sendmail program are potential targets from this attack. Last year more than 20,000 systems were compromised due to this exposure.

To prevent this from occurring, check with vendors to ensure systems are running a correct version of sendmail or some more secure mail product.

According to csoonline.com, here are top 15 biggest data breaches:

• Adobe – 153 million user records (Oct 2013)
• Adult Friend Finder – 412.2 million accounts (Oct 2016)
• Canva – 137 million user accounts (May 2019)
• Dubsmash – 162 million user accounts (Dec 2018)
• eBay – 145 million users (May 2014)
• Equifax – 147.9 million customers (July 2017)
• Heartland Payment Systems – 134 million credit cards exposed (March 2008)
• LinkedIn – 165 million user accounts (2012 and 2016)
• Marriott International – 500 million customers (2014-18)
• My Fitness Pal – 150 million user accounts (Feb 2018)
• MySpace – 360 million user accounts (2013)
• NetEase – 235 million user accounts (Oct 2015)
• Sina Weibo – 538 million accounts (March 2020)
• Yahoo – 3 billion user accounts (2013-14)
• Zynga – 218 million user accounts (Sept 2019)

4. Vendor Default Password Attacks

Systems of all types come with vendor-installed usernames and passwords. Hackers are well educated on these default usernames and passwords and use these accounts to gain unauthorized administrative access to systems.

Protect systems by ensuring that all vendor passwords have been changed.

According to NordPass, here are the top 20 most common used passwords:

1. 123456
2. 123456789
3. picture1
4. password
5. 12345678
6. 111111
7. 123123
8. 12345
9. 1234567890
10. senha
11. 1234567
12. qwerty
13. abc123
14. Million2
15. 000000
16. 1234
17. iloveyou
18. aaron431
19. password1
20. qqww1122

5. Spoofing, Sniffing, Fragmentation and Splicing Attacks

Recently computer hackers have been using sophisticated techniques and tools at their disposal to identify and expose vulnerabilities on Internet networks. These tools and techniques can be used to capture names and passwords, as well as compromise-trusted systems through the firewall.

To protect systems from this type of attack, check with computer and firewall vendors to identify possible security precautions.

6. Social Engineering Attacks

Hackers will attempt to gain sensitive or confidential information from companies by placing calls to employees and pretending to be another employee. These types of attacks can be effective in gaining usernames and passwords as well as other sensitive information.

Train employees to use a “call-back” procedure to verify the distribution of any sensitive information over the telephone.

Examples of SE Attacks:

• Phishing
• Spear Phishing
• Baiting
• Malware
• Pretexting
• Quid Pro Quo
• Tailgating
• Vishing
• Water-Holing

7. Easy-To-Guess Password Compromise

Most passwords that are easy to remember are also easy to guess. These include words in the dictionary, common names, slang words, song titles, etc. Computer hackers will attempt to gain access to systems using these easy-to-guess passwords usually via automated attacks.

Protect systems by ensuring that passwords are not easy to guess, that they are at least eight characters long, contain special characters and utilize both uppercase and lowercase characters.

Though you should avoid picking any of these passwords for yourself, try guessing from this list of passwords:

• 123456@
• 12345678
• abc123
• qwerty
• monkey
• letmein
• dragon
• 111111
• baseball
• iloveyou
• trustno1
• 1234567
• sunshine
• master
• 123123
• welcome
• shadow
• Ashley
• football
• Jesus
• Michael
• ninja
• mypassword
• password1

8. Destructive Computer Viruses

Computer viruses can infect systems on a widespread basis in a very short period. These viruses can be responsible for erasing system data.

Protect systems from computer viruses by using anti-virus software to detect and remove computer viruses.

Take a look at 10 of the worst destructive computer viruses of all time.

1. ILOVEYOU
2. Code Red
3. Melissa
4. Storm Trojan
5. Sasser
6. My Doom
7. Zeus
8. Conficker
9. Stuxnet
10. CryptoLocker

9. Prefix Scanning

Computer hackers will be scanning company telephone numbers looking for modem lines, which they can use to gain access to internal systems. These modem lines bypass network firewalls and usually bypass most security policies. These “backdoors” can easily be used to compromise internal systems.

Protect against this intrusion by ensuring modems are protected from brute force attacks. Place these modems behind firewalls; make use of one-time passwords; or have these modems disabled.

10. Trojan Horses

Hackers will install “backdoor” or “Trojan Horse” programs on businesses computer systems, allowing for unrestricted access into internal systems, which will bypass security monitoring and auditing policies.

Conduct regular security analysis audits to identify potential security vulnerabilities and to identify security exposures.

These are the types of Trojans that you need to be aware of:

1. ArcBombs
2. Backdoors
3. Banking Trojans
4. Clickers
5. DDoS Trojans
6. Downloaders
7. Droppers
8. FakeAV
9. Game thieves
10. Instant messaging Trojans
11. Loaders
12. Mailfinders
13. Notifiers
14. Proxies
15. Password stealing ware
16. Ransom Trojans
17. SMS Trojans

• Most Common Online Threats – Protecting Yourself from Digital Scams
• 10 Steps to Secure and Manage Your Passwords
• Gmail and Facebook Users Advised to Secure Their Accounts Immediately
• Pentagon’s Proactive Approach to Cybersecurity – Over 50,000 Vulnerability Reports Since 2016
• Windows Hardening – Key Points To Remember
• Top 10 Fundamental Questions for Network Security
• How to Remove x-powered-by in Apache/PHP for Enhanced Security
• 12 Point Checklist – PHP Security Best Practices
• Secure Programming Checklist – 2023 Compilation Guide
• The Ultimate Network Security Checklist – 2023 Complete Guide