Web threats definition
Web-based threats, or online threats, are a category of cybersecurity risks that may cause an undesirable event or action via the internet.
Web threats are made possible by end-user vulnerabilities, web service developers/operators, or web services themselves. Regardless of intent or cause, the consequences of a web threat may damage both individuals and organizations.
This term typically applies to — but is not limited to — network-based threats in the following categories:
- Private network threats - impact sub-networks connected to the wider global internet. Typical examples can include home Wi-Fi or ethernet networks, corporate intranets, and national intranets.
- Host threats - impact specific network host devices. The term host often refers to corporate endpoints and personal devices, such as mobile phones, tablets, and traditional computers.
- Web server threats - impact dedicated hardware and software that serve web infrastructure and services.
What are web threats?
Internet-based threats expose people and computer systems to harm online. A broad scope of dangers fits into this category, including well-known threats like phishing and computer viruses. However, other threats, like offline data theft, can also be considered part of this group.
Web threats are not limited to online activity, but they ultimately involve the internet at some stage of the harm inflicted. While not all web threats are created deliberately, many are intended, or have the potential, to cause:
- Access denial. Prevention of entry to a computer and/or network services.
- Access acquisition. Unauthorized or unwanted entry into a private computer and/or network services.
- Unauthorized or unwanted use of computer and/or network services.
- Exposing private data without permission, such as photos, account credentials, and sensitive government information.
- Unauthorized or undesired changes to a computer and/or network services.
In recent years, the landscape of web threats has grown significantly. Technologies like smart devices and high-speed mobile networks have allowed for an always-connected vector of malware, fraud, and other complications. Also, web adoption in areas like communications and productivity via the Internet of Things (IoT) has outpaced user security awareness.
As we rely more on the web for daily living, it will keep rising exponentially as an attractive attack option for malicious parties. Convenience and a lack of caution around web use are among the top concerns that continue to pose new risks to privacy and security.
While targets are typically computer-based, human victims ultimately experience the lasting effects of a web threat.
How do web threats work?
When a web threat arises, certain circumstances align to make it a point of concern.
Namely, there are a few basic components to any web threat:
- Threat motives give an intentional threat agent a reason or goal to cause harm. Some threat agents don’t act intentionally or act autonomously and may, therefore, have no motive.
- Threat agents are anything or anyone that can have a negative impact, with the internet either as a threat vector or as the target itself.
- Vulnerabilities include any weakness in human behavior, technology systems, or other resources that can lead to a damaging exploit or incident.
- Threat outcomes are the negative results of a threat agent acting against one or more vulnerabilities.
As these components interact, a threat becomes an attack on computer systems. Threat motives can include any of the following: financial, surveillance, information, retaliation, sabotage, and more.
Threat agents are typically people with malicious intent. By extension, agents may also be anything that is manipulated into acting in favor of the original threat agent. However, some threat agents, such as destructive natural events, act entirely without human intervention.
The types of threat agents include:
- Non-human agents: Examples include malicious code (viruses, malware, worms, scripts), natural disasters (weather, geological), utility failure (electrical, telecom), technology failure (hardware, software), and physical hazards (heat, water, impact).
- Intentional human agents: Based on malicious intent. Can be internal (employees, contractors, family, friends, acquaintances) or external (professional and amateur hackers, nation-state actors and agencies, competitor corporations).
- Accidental human agents: Based on human error. Similar to intentional threats, this type can include internal and external agents.
- Negligence-based human agents: Based on careless behaviors or safety oversights. Again, this category can also include internal and external agents.
Vulnerabilities may be points of weakness where someone or something can be manipulated. A vulnerability can be considered both a web threat in its own right and a concern that enables other threats. This area typically includes some form of human or technical weakness that can lead to penetration, misuse, or destruction of a system.
Threat outcomes may lead to disclosed private info, deceived users, disrupted computer system use, or seized access privileges. Web threats often result in, but are not limited to, causing:
- Reputation damage: Loss of trust from clients and partners, search engine blacklisting, humiliation, defamation, etc.
- Operations disruption: Operational downtime, access denial to web-based services such as blogs or message boards, etc.
- Theft: Financial, identity, sensitive consumer data, etc.
Cybercriminals will use almost any vulnerability within an operating system (OS) or an application to conduct an attack. However, most cybercriminals will develop web threats that deliberately target some of the most common operating systems/applications, including:
- Java: Because Java is installed on over 3 billion devices running under various operating systems, exploits can be created to target specific Java vulnerabilities on several different platforms/operating systems.
- Adobe Reader: Although many attacks have targeted Adobe Reader, Adobe has implemented tools to protect the program against exploit activity. However, Adobe Reader is still a common target.
- Windows and Internet Explorer: Active exploits still target vulnerabilities that were detected as far back as 2010 – including MS10-042 in Windows Help and Support Center, and MS04-028, which is associated with incorrect handling of JPEG files.
- Android: Cybercriminals use exploits to gain root privileges. Then, they can achieve almost complete control over the targeted device.
How do internet web threats spread?
The most concerning internet threats travel the web to attack more systems. These threat agents often use a mix of human manipulation and technical commands to reach their targets.
Web threats of this nature use the internet's many communications channels to spread. Larger threats use the global internet to respond to threats, while more targeted threats may directly infiltrate private networks.
Typically, these threats are distributed through web-based services. Malicious actors prefer to place these threats in locations where users will often engage with them. Public websites, social media, web forums, and email are often ideal for spreading a web threat.
Users are affected when they engage with malicious URLs, downloads, or provide sensitive info to websites and message senders. This engagement may also trigger infection and spread of web threats to other users and networks. It’s not uncommon for innocent users to unknowingly become threat agents themselves.
How to spot web threats
Despite the unending scope of web-based dangers, it is possible to spot some general traits of web threats. However, spotting a web threat requires a vigilant eye to catch subtle details.
Some web threats, such as water and heat, are clearly of concern to web infrastructure hardware. While those are easier to spot, others require careful attention. You should be most cautious whenever you are browsing websites and receiving digital messages.
Here are some tips to guide you:
- Grammar: Malicious actors may not always carefully craft their messages or web content when assembling an attack. Look for typos, odd punctuation, and unusual phrasing.
- URLs: Harmful links can be masked under decoy anchor text — the visible text that’s displayed. You can hover over a link to inspect its true destination.
- Poor quality images: The use of low-resolution or unofficial images may indicate a malicious webpage or message.
Types of web security threats
As mentioned previously, web threats typically include human and technical manipulation in order to attack. Be aware there tends to be overlap between web threats, and some may occur simultaneously. Some of the most common web threats may include the following.
Social engineering involves deceiving users to act unknowingly against their own best interests. These threats usually involve gaining the trust of users to deceive them. Manipulating users in this way can include:
- Phishing: Posing as legitimate institutions or people to get users to divulge personal details.
- Watering hole attacks: Exploiting popular websites to fool users into exposing themselves to harm.
- Network spoofing: Fraudulent access points that mimic legitimate ones.
Malicious code includes malware and harmful scripts (lines of computer programming commands) to create or exploit technical vulnerabilities. Where social engineering is the human side of web threats, malicious code is the technical side. These threats can include but are not limited to:
- Injection attacks: Insertion of harmful scripts into legitimate applications and websites. Examples include SQL injection and cross-site scripting (XSS).
- Botnet: Hijacking a user device for remote, automated use in a network of similar “zombies.” These are used to accelerate spam campaigns, malware attacks, and more.
- Spyware: Tracking programs that monitor user actions on a computer device. The most common examples are keyloggers.
- Computer worms: Scripts that run, replicate, and spread autonomously without the help of a related program.
Exploits are intentional abuses of vulnerabilities that may lead to an undesirable incident.
- Brute force attacks: Manual or automated attempts to breach security “gates” and vulnerabilities. This may typically involve generating all possible passwords to a private account.
- Spoofing: Masking a real identity to manipulate legitimate computer systems. Examples include IP spoofing, DNS spoofing, and cache poisoning.
Cybercrime refers to any unlawful activity conducted via computer systems. These threats often use the web to enact their plans.
- Cyberbullying: Mental abuse of victims using threats and harassment.
- Unauthorized data disclosure: Release of private information, such as email leaks, intimate photos, and significant corporate data leaks.
- Cyber libel: Also known as online defamation, this can involve attacking individuals or organizations' reputations. This can be done through disinformation (deliberate distribution of inaccurate information) or misinformation (mistaken distribution of inaccurate information).
- Advanced Persistent Threats (APTs): Malicious actors gain access to a private network and establish ongoing access. They combine social engineering, malicious code, and other threats to exploit vulnerabilities and gain this access.
Typically, web threats refer to malware programs that can target you when you're using the internet. These browser-based threats include a range of malicious software programs that are designed to infect victims’ computers. The main tool behind such browser-based infections is the exploit pack – which gives cybercriminals a route to infecting computers that either:
- Do not have a security product installed
- Contain a commonly used operating system or application that is vulnerable – because the user hasn’t applied the latest updates, or a new patch has yet to be issued by the software vendor
Kaspersky’s Internet security experts have identified the most active malicious software programs involved in web threats. The list includes the following types of online threats:
- Malicious websites. Kaspersky identifies these websites by using cloud-based heuristic detection methods. Most malicious URL detections are for websites that contain exploits.
- Malicious scripts. Hackers inject malicious scripts into the code of legitimate websites that have had their security compromised. Such scripts are used to perform drive-by attacks – in which visitors to the website are unknowingly redirected to malicious online resources.
- Scripts and executable PE files. Generally, these either:
  - Download and launch other malicious software programs
  - Carry a payload that steals data from online banking and social network accounts or steals login and user account details for other services
- Trojan-Downloaders. These Trojan viruses deliver various malicious programs to users’ computers.
- Exploits and exploit packs. Exploits target vulnerabilities and try to evade the attention of Internet security software.
- Adware programs. Often, the adware will simultaneously install when a user starts to download a freeware or shareware program.
Examples of web threats
Here are some of the more well-known examples of web threats:
WannaCry ransomware
In May 2017, the WannaCry ransomware spread to many networks and locked down countless Windows PCs. This threat was particularly dangerous because of its worm functionality, allowing it to spread completely autonomously. WannaCry exploited a native communication language within Windows to spread this malicious code.
Celebrity iCloud phishing
A spear-phishing attack led to the breach of numerous celebrity iCloud accounts. This breach ultimately resulted in the unauthorized leak of countless private photos from these accounts.
While the attacker was eventually located and prosecuted, the victims are still suffering from their intimate photos being made public — without their permission. This has become one of the most well-known phishing attacks of the decade.
How to protect yourself against web threats
Most threats are successful due to two main weaknesses:
- Human error
- Technical error
Full protection from web threats means you will need to find ways to cover these weak points.
General tips to follow for both end-users and web service providers include:
- Always create backups: All valuable data should be copied and stored safely to prevent data loss in case of an incident. Websites, device drives, and even web servers can be backed up.
- Enable multi-factor authentication (MFA): MFA allows for additional layers of user authentication on top of traditional passwords. Organizations should enable this protection for users, while end-users should be sure to make use of it.
- Scan for malware: Regular scans for infections will keep your computer devices secured. Personal devices can all be covered through an antivirus solution like Kaspersky Total Security. Enterprise endpoint machines and computer networks should use this protection as well.
- Keep all tools, software, and OS up to date: Computer systems are more vulnerable when they’ve been unpatched against undiscovered holes in their programming. Software developers regularly probe for weaknesses and issue updates for this purpose. Protect yourself by downloading these updates.
Service providers like website owners and server operators are where true comprehensive security starts. These parties will need to take precautions for better protection. They can do this by:
- Monitoring web traffic to gauge for normal volumes and patterns.
- Implementing firewalls to filter and restrict unpermitted web connections.
- Distributing network infrastructure to decentralize data and services. This includes aspects like backups for various resources and geo server rotations.
- Internal probing to investigate for unpatched vulnerabilities. This might, for example, involve self-attacking with SQL injection attack tools.
- Proper security configuration for access rights and session management.
Users should protect themselves by doing the following:
- Scan downloads for malware.
- Vet links before clicking, only clicking links if you are positive the destination is safe and trusted.
- Make strong, secure passwords, and avoid duplicates. Use a secure Password Manager to help manage all of your accounts and passwords.
- Throttle login attempts by triggering account lockdown after a limited number of tries.
- Look out for phishing red flags in texts, email, and other communications.