As the bad guys look for new ways to exploit holes in technology, they have become increasingly financially motivated, with organized crime picking up where the ‘hobbyist hacker’, doing it for kicks, left off.
Perhaps the most significant trend is towards more intelligent, targeted attacks on both individuals and businesses through increased Web presence, social media, and so on.
So, what kinds of web security threats are we talking about? Webroot outlines a few:
Malware, viruses and spyware. Email viruses and malicious code continue to be a potential problem, but more of a risk today is that of spyware downloaded from the Web, which can be used to track the activities of the user to act as a host for sending out Spam emails or denial of service attacks on Web sites, or to serve as a relay point to infect other computers.
Web page drive-by infections. Malicious content can be picked up even from legitimate sites, if these have in some way been hacked. Such code can then infect a desktop computer without any indication, just by visiting the site.
Social engineering and fraud. In these attacks, a Web user is duped into doing something that will open them up to risks. Social networking has made this easier than ever, bringing many more people into potential conversations with Web-based strangers.
Misdirection and phishing. This is where fake Web sites are set up to look like the real thing in an effort to get financial account information, social security info, credit card numbers, and so on. A user may be directed to a phishing site via email, another site and other avenues.
Denial of service and botnets. A denial of service attack may be launched on a corporate or governmental Web site, either for extortion, or simply because of a difference in beliefs: the goal is simply to shut the site down, at least for a period of time.