In today's interconnected world, where digital technologies play a central role in our lives, ensuring online security has become more critical than ever. This article provides an informative guide on the different types of online cyber attacks individuals may encounter while surfing the internet. It aims to empower readers by increasing awareness and understanding of common cyber threats and guidance on good password management practices.

What are Online Cyber Attacks

Online cyber attacks refer to malicious activities conducted over the internet to compromise the security, privacy, or functionality of computer systems, networks, or individual users. These attacks can target various entities, including individuals, organizations, governments, or even critical infrastructure.

Common Online Cyber Attacks and How to Defend Yourself

Malware and Malicious Code

Source: Security Intelligence

Malicious software, or malware, is a term used to describe software designed to disrupt computer operations or gain access to computer systems, without the user's knowledge or permission. Malware has become an umbrella term used to describe all hostile or intrusive software. Cybercriminals target user’s end devices through the installation of malware Here are some of the well-known malware:

• Virus: A virus is malicious executable code attached to another executable file, such as a legitimate computer program. Most viruses require the user to initiate it and can activate at a specific time or date. Computer viruses usually spread in one of three ways: from removable media like USB flash drives; from downloads of the Internet; and email attachments. Viruses can be harmless and simply display a picture or they can be destructive, such as those that modify or delete data. To avoid detection, a virus mutates/replicates. Once the program virus is active, it will usually infect other programs on the computer or other computers on the network.

• Worms: Worms are malicious code that replicates by independently exploiting vulnerabilities in computer networks. Worms usually slow down networks. Whereas a virus requires a host program, worms can run by themselves. Other than the initial infection, worms no longer require user participation. After a worm affects a host, it can spread very quickly over the network. Worms share similar patterns. They all have an enabling vulnerability, a way to propagate themselves, and they all contain a piece of code that perform actions called payload.

• Trojan horse: A Trojan horse is malware that carries out malicious operations under the guise of a desired operation such as playing an online game. This malicious code exploits the privileges of the user that runs it. A Trojan horse differs from a virus because the Trojan binds itself to files, such as image files, audio files, or games.

• Ransomware: Ransomware holds a computer system, or the data it contains, captive until the target makes a payment. Ransomware usually works by locking the user’s data in a locked box in the computer with a key only known to the attacker. The user must pay a ransom to the criminals to remove the restriction. Some other versions of ransomware can take advantage of specific system vulnerabilities to lock down the system. Ransomware propagates as a Trojan horse and is the result of a downloaded file or some software weakness. Payment through an untraceable payment system is always the criminal’s goal. Once the victim pays, the criminal supplies the key that unlocks the files or sends an unlock code

Defending Against Malware

A few simple steps can help defend against all forms of malware:

• Antivirus program - Installing trusted Antivirus software that scans the system for viruses. The majority of antivirus suites catch the most widespread forms of malware. However, cybercriminals develop and deploy new threats daily. Therefore, the key to an effective antivirus solution is updating the signatures. A signature is like a fingerprint. It identifies the characteristics of a piece of malicious code.

• Up-to-Date Software - Many forms of malware achieve their objectives through the exploitation of vulnerabilities in software, both in the operating system and applications. Operating system vulnerabilities are been rectified by the vendors and are updated and so users should make sure to regularly update their device system updates in order not to be affected by malware infections.

Email and Browsers Attacks

Source: Security Magazine

Spams: Is an unsolicited email and is also known as junk mail. In most cases, spam is a method of advertising. However, spam can send harmful links, malware, or deceptive content. The goal is to obtain sensitive information such as personally identifiable or bank account information.

Most spam comes from multiple computers on networks infected by a virus or worm. These compromised computers send out as many bulk emails as possible. Even with these security features implemented, some spam might still get through. Watch for some of the more common indicators of spam:

• An email has no subject line.
• An email requesting an update to an account.
• The email text has misspelt words or strange punctuation.
• Links within the email are long and/or contain hidden meanings.
• An email looks like correspondence from a legitimate business.
• The email requests that the user open an attachment. If a user receives an email that contains one or more of these indicators, he or she should not open the email or any attachments.

Phishing: Phishing is a form of fraud that uses email, instant messaging, or other social media to try to gather information such as login credentials or account information by masquerading as a reputable entity or person. Phishing occurs when a malicious party sends a fraudulent email disguised as being from a legitimate, trusted source. The message intends to trick the recipient into installing malware on his or her device or into sharing personal or financial information.

An example of phishing is an email forged to look like it came from a retail store asking the user to click a link to claim a prize. The link may go to a fake site asking for personal information, or it may install a virus.

SEO Poisoning: Search engines such as Google rank pages and present relevant results based on user’s search queries. Depending on the relevancy of website content, it may appear higher or lower in the search result list. SEO, short for Search Engine Optimization, is a set of techniques used to improve a website’s ranking by a search engine.

While many legitimate companies optimise websites to better position them, SEO poisoning uses SEO to make a malicious website appear higher in search results. The most common goal of SEO poisoning is to increase traffic to malicious sites that may host malware.

Browser Hijacker: A browser hijacker is malware that alters a computer's browser settings to redirect the user to websites paid for by the cyber criminals' customers. Browser hijackers usually install without the user's permission and are usually part of a drive-by download.

A drive-by download is a program that automatically downloads to the computer when a user visits a website or views an HTML email message. Always read user agreements carefully when downloading programs to avoid this type of malware.

Defending Against Email and Browser Attacks

• Keep your software up to date: Ensure that your operating system, web browser, plugins, and other software are updated with the latest security patches. This helps prevent vulnerabilities that attackers could exploit

• Use a reliable antivirus and antimalware solution: Install reputable security software and keep it updated. Regularly scan your system for malware and follow the software's recommendations for removal.

• Enable safe browsing: Many web browsers offer a safe browsing feature that can help protect you from malicious websites. Ensure this feature is enabled in your browser settings.

• Be cautious with email attachments: Avoid opening email attachments from unknown or suspicious sources. Malicious attachments can contain malware or viruses that compromise your system or steal your information.

• Enable spam filters: Activate spam filters in your email client or service to automatically filter out and move suspicious or unsolicited emails to the spam folder. Regularly review the spam folder to ensure legitimate emails aren't caught by mistake.

• Be wary of unsolicited requests: Be sceptical of unsolicited requests for personal or financial information, even if they appear to come from reputable organizations. Legitimate companies typically do not request sensitive information via email or other unsolicited channels.

Password Management

Source: United States Cybersecurity Magazine

You probably have more than one online account, and each account should have a unique password. That is a lot of passwords to remember. However, the consequence of not using strong and unique passwords leaves you and your data vulnerable to cyber criminals. Using the same password for all your online accounts is like using the same key for all your locked doors, if an attacker was to get your key, he would have the ability to access everything you own.

If criminals get your password through phishing, for example, they will try to get into your other online accounts. If you only use one password for all accounts, they can get into all your accounts, steal or erase all your data, or decide to impersonate you.

Use of a Password Manager

We use so many online accounts that need passwords that it becomes too much to remember. One solution to avoid reusing passwords or using weak passwords is to use a password manager. A password manager stores and encrypts all of your different and complex passwords. The manager can then help you to log into your online accounts automatically. You only need to remember your master password to access the password manager and manage all of your accounts and passwords. An example of a Password Manager is lastpass

Tips for Generating a Good Password

The use of passphrases to generate passwords is becoming the best approach to securing online accounts because it is generally in the form of a sentence rather than a word. The longer length makes passphrases less vulnerable to a dictionary or password-guessing tool known as brute force attacks. Furthermore, a passphrase may be easier to remember, especially if you are required to change your password frequently. Here are some tips for choosing good passwords with passphrases:

1. Choose a meaningful passphrase for you
2. Must have a minimum of 8 characters
3. Add special characters, such as ! @ # $ % ^ & * ( )
4. The longer the better
5. Avoid common or famous statements, for example, lyrics from a popular song

CONCLUSION

Congratulations! You've taken the necessary first step in protecting yourself against online cyber threats. By learning about common cyber risks, best practices for defending yourself, and good password management practices, you can now take control of your digital safety and protect yourself from potential threats. Remember, online safety is an ongoing process. It's necessary to stay updated on the latest threats and best practices and to be vigilant in your online activities.