There are many dangers lurking on the Internet – all kinds of malware threaten PC systems and their data. And new types of malware pop up every day. In our TOP 10 online threats, we show you the methods that hackers use to get their data and how you can protect yourself against them with hardware and software-based solutions. In addition, a few tips on how to minimize the dangers of your own (surfing) behavior.
What dangers lurk in the WWW?
Viruses, Trojans & Worms
Although they have been around for decades, viruses, worms and Trojans still represent the greatest threats from the network to computer systems. And the amount of malware in circulation is increasing every day: around 350,000 new species appear on the network every day. The terms viruses and worms are often used interchangeably, but they are different types of malware.
The computer virus is the oldest malware. As early as 1974, “Rabbit” was the first computer virus to be developed. Viruses are programs that can replicate themselves to spread from computer to computer in this way. Then steal or delete data on the affected systems. Most viruses are hidden in a program. As soon as the user runs this program, the virus spreads. Viruses are spread by the user by inadvertently forwarding the infected files e.g. by e-mail or on data carriers such as USB sticks, drives and memory cards.
Worms are similar to computer viruses, but they do not depend on the “assistance” of the user and spread independently via networks and data carriers by mercilessly exploiting security gaps.
In contrast to worms, Trojans do not reproduce on their own. They often pretend to be legitimate software and then nestle on the computer unnoticed . Trojans give hackers direct access to computers, so they can manipulate, steal or delete data.
The user is infected by web-based malware in particular when using outdated web browsers. Often it is browser plugins that allow this malware to install itself on the computer. Many millions of Internet addresses are infected with web-based malware.
Spam, spyware and adware
Who does not know it: the e-mail inbox is full of unwanted (oftentimes advertising) messages. These emails are not only annoying, they can also be dangerous. Because it is not always just advertising emails. These messages are often linked to an infected file or a link to malware. The e-mails are sometimes so well camouflaged that you have to look very carefully. For example, there are fake bills and invoices in circulation.
Spyware (spying software) spies on user behavior and data without the knowledge and consent of the owner. They are used to analyze the user’s surfing behavior; the data obtained are used commercially. It is not uncommon for companies to develop spyware themselves in order to find out more information about their customers.
Anyone who is infected by adware (advertising software) will be shown unwanted advertising. Adware is often built into free programs and is difficult to detect. The advertisements can also reach the PC via infected websites. Usually, adware does not harm your computer, but it is very annoying.
Phishing describes the attempt by hackers to gain access to sensitive user data via fake websites, e-mails or instant messengers. In such e-mails, the user is asked to visit fake websites or to disclose secret access data.
Well-known, trustworthy websites are imitated and the users’ good faith is shamelessly exploited. Sometimes the fake websites look so real that you can hardly make out any differences from the original. Commonly, hackers target account or company-critical data when phishing. In the worst case, bank accounts can be looted in this way.
Bot networks (Botnets)
Botnets are a whole group of PCs that have been infected with malware and digitally connected together to form a large network. These botnets often extend over several thousand computers. The malware used are called robot programs (bots). They are controlled remotely by hackers and usually used for criminal offenses.
For example, they automatically send massive amounts of spam and spy out data. All of this happens in the background without the user being able to suspect that his computer has become part of criminal structures. In addition to computers, mobile devices such as smartphones or tablets can also be affected by bots.
Denial of service attacks
A constant availability of servers, applications and data is essential for companies. This is exactly what the hackers target in a Denial-of-Service (DoS) attack. They try to attack websites and servers in order to make important data or entire systems inaccessible to the owner. This is usually achieved through targeted attacks on servers with the aim of overloading them completely. To this end, huge numbers of requests are directed to the server.
Ransomware (“ransom software”) is based in principle on DoS (Denial of Service) with the aim of extorting ransom from the user. For example, the entire computer is locked and data scrambled or encrypted such that when the system starts, only an unavoidable request appears asking the victim to transfer a certain amount of money in order to regain access. If the user does not comply with this request, data deletion will be threatened.
Scareware (“Scary software”) describes malware that is intended to frighten and unsettle the user in order to induce him to take certain actions. Common examples of scareware are fake error messages, suspected virus infections of the computer or programs that claim to come from government agencies.
What all these attempts at deception have in common is to suggest a fear-inducing danger and to offer a suitable solution to the problem. The unsuspecting user who wants to protect his PC system with such a supposed solution might end up installing malware.
Crypto Mining Malware
The focus here is on mining Trojans in particular. Once these have established themselves on the PC, they abuse its computing power to generate digital currencies such as bitcoins. The result: the PC reacts extremely slowly and can no longer be used productively. In addition, power consumption skyrockets.
Not only in constant use in the private sector, but also in everyday life in companies: smartphones and tablets. They often don’t take security as seriously as they do with computers. These devices log into the company network in the same way and save sensitive company data.
Android in particular is vulnerable to attacks. Because even in the Android Play Store you can catch mobile malware. In addition, the manufacturers of Android devices often deliver security updates and patches late, which further reduces security. Most computer malware, if modified, can also be dangerous for mobile devices.
Special forms of mobile malware are:
SMS & instant messenger malware
Exploits to gain root access to the smartphones
Cyber miners who divert computing power
How can I protect myself from attacks?
To protect yourself against threats from the Internet, you can fall back on software and hardware-based solutions. The latter play an important role especially for companies and less so for private users. In addition, the behavior of the user is also of crucial importance. Through their behavior, they can make a significant contribution to the security of his system.
Software based solutions
This includes the classic virus scanner, which should be mandatory for every computer. Although Windows already contains an integrated virus protection with the Defender, it is highly recommended to install an additional virus scanner from a third party. This allows you to specifically close the security gaps in Microsoft Defender. The tried and tested free virus scanners for private users include McAfee, NOD32, Kaspersky, Bitdefender Free Edition, AntVir Free, avast Free or AVG AntiVirus Free.
Virus scanner: paid or free?
Free virus protection programs usually offer good basic protection, but often do not have all the security functions. Entrepreneurs and businesses in particular should take advantage of extended security packages.
The antivirus suite should offer the most comprehensive protection possible against all threats. Internet security software usually has even more extensive protection than a pure antivirus scanner. Virus scanners and Internet security software should, however, only represent a mainstay of corporate IT security.
Hardware-based security solutions
In addition to software-based protective measures, companies in the area of network security are particularly dependent on hardware-based solutions in the form of firewalls, VPN gateways and other security devices.
Hardware-level firewalls close security gaps in the company network
Firewalls at the hardware level are a very important part of protecting your own network. They protect the network from unwanted access and attacks. Security gateway routers also offer extended protection at the hardware level and, with VPN connections, ensure more security through encrypted data transmission over the Internet.
In principle, Apple devices ( iPhone , iPad ) are much better protected against attacks than Android smartphones and tablets. One of the reasons for this is that Apple only has the AppStore as a software source. All applications from there have been checked. Apple itself guarantees security and even prohibits virus scanners in the App Store. It can be said that iOS is generally very secure and attacks are very rare.
With Android devices, however, despite efforts by Google, infections seem to be more common though not overwhelming. There are also android antivirus apps that will protect your phone from most of the common attacks.
Successful cyber attacks are often based on incorrect user behavior: the best antivirus protection is common sense. Because wherever cyber criminals get stuck thanks to hardware and software-based protective measures, it is the user’s inexperience that is shamelessly exploited.
In particular, the risks of phishing, ransomware or spyware and adware attacks can be greatly reduced by careful surfing behavior. So always show a certain amount of suspicion and caution. In particular, caution should be exercised when prompted to perform certain actions.
With a little bit of mindfulness (checking the sender, spelling, language, meaningfulness, etc.), some attacks can be exposed quite easily.
There is still room for improvement when it comes to password security
According to a survey by the e-mail provider Web.de, 59 percent of those questioned use the same password for multiple accounts. Once cracked, a potential hacker would have access to multiple accounts.
Data from Statista shows that the majority of users use passwords with imaginary names. Although this is much better than pure number or letter passwords, it should not replace a complex password made up of numbers, letters, upper and lower case or special characters.
Only 10 percent of those surveyed in 2019 were better protected against attacks by such a password generated by a password generator.
Tips for targeted defense against Cyber attacks
- Don’t click any questionable links
- Do not surf any pages that your browser has identified as a potential threat
- Do not open any unknown e-mail attachments (especially ZIP files and Office documents (Word, Excel and PowerPoint)
- Download software / apps only from safe sources
- Keep the operating system, virus protection software and the firmware of security hardware up to date with updates
- Back up your data regularly
- Disconnect the backup data carrier from the PC as long as it is not needed
- Assign complex passwords made up of letters, numbers and special characters (password generators can help here)
- Change your passwords regularly
- Use of secure VPN connections
- Encrypt sensitive data
- Erase data securely and irrevocably
- Choose your cloud provider wisely
- Encrypt your WLAN network according to the current WPA standard
- Enable website filters in Browser Router
- Also pay attention to the security of your smart home devices