Not so many years ago the bulk of cybercriminal activity was conducted through email. Would be hackers could target huge percentages of the population with little effort and cause mayhem with very little effort. But as businesses and private users became aware of the danger of email exploits these Cybercriminals were forced to relocate their activity elsewhere. Sadly, a world of possibilities was still available to them in the form web based malware.

Web based vulnerabilities can end in disastrous results for businesses. At the start of 2008 it was reported that on average 4 legitimate websites were being tainted with malicious code ever minute. So bad has the problem become that malware creation packages have been found available on many disreputable websites. Because these vulnerabilities can pop up at any number of sources prevention is better than looking for a cure.

Very simple steps can be taken to make sure that your web experience is secure. The easiest way for attackers to compromise your web experience is by finding holes in your web browser platform. It might seem simple but many people still don’t install regular patches for their web browsers. Upgrading your web browser should be your first line of defense against cybercriminals. Second, just like your browser make your antiviral and security software is up to date; many Virus and Trajan families are updated weekly to bypass new security. Next, be aware of what you download and be sure that it is coming from a reputable source. Phantom down loaders are small bits of code placed on a website that once downloaded will give hackers a back door to download other harmful materials and can often be masked to look like other types of files.

Additional concerns extend over to the network side of things. It’s been reported that 2/3rds of security breaches happen internally as opposed to from someone outside the company. Some months ago I was analyzing a client’s website and happened across a file in their base directory that contained all the passwords needed to access their web server. I quickly notified them and the problem was corrected but had an attacker found this information they could have taken down their entire web presence. Other problems can arise from improperly assigned shared folder permissions that allow access to secure files anywhere on the network. All it takes is one disgruntled user to find these files and it could cost your business thousands.

Knowledge and diligence are your best defense against attackers. Keep up to date and keep track of your network settings and you can ensure that your web and network activity remain secure.

– Richard Keene
IT Computer Support of New York
Design and Optimization Department