Types of Web Security Threats & Their Fixes

The document discusses common types of web security threats faced by businesses and provides prevention tips. The threats covered are man-in-the-middle attacks, phishing, SQL injection, brute force attacks, cross-site scripting, malware and DDoS attacks. Prevention strategies include strong encryption and certificate validation, strong authentication, parameterized queries with input validation, and output encoding.
Web security threats are attacks that target computer systems, web applications and the networks
they run on. The aim is usually to obtain sensitive information, destroy data or steal money.
According to Verizon's breach studies, most online attacks are financially motivated; espionage,
competitive rivalry and identity theft are other common motives.

Cyber-attacks and data breaches have gone up by 67% since 2014 and by 11% since 2018, and the
first quarter of 2020 alone saw a significant rise in attacks. Organizations across the world now
spend billions on attack prevention and damage control.

In this article we cover the most common types of web security threats businesses face today,
and give practical tips on how to defend against each of them.

7 Most Prevalent Types of Web Security Threats

1. Man-in-the-middle (MitM) Attack

In a MitM attack, the attacker sits between the user and an application during a session, relaying
or altering the traffic while impersonating one of the two parties. A few MitM variants:

1.1 WiFi Eavesdropping

Attackers set up a Wi-Fi access point whose name resembles a legitimate business network. Once a
user connects to the rogue network, the attacker can observe and manipulate the user's traffic;
login credentials, payment card details and session tokens sent without encryption are stolen this
way. Treat public Wi-Fi as hostile: avoid it for sensitive work, or use it only over end-to-end
TLS (HTTPS) or a VPN.

1.2 IP Spoofing

Every host on the internet has an IP address. With IP spoofing, the attacker forges the source
address of the packets they send so that they appear to come from a known and trusted host. Replies
still go to the real address, so on its own spoofing does not let the attacker read responses; it is
used to abuse trust decisions based on source address, to hide the origin of flooding traffic, and
as a building block of other MitM techniques.

Apart from these, DNS spoofing, SSL hijacking (including SSL stripping, where the attacker downgrades the victim to plain HTTP) and HTTP spoofing are also MitM attacks.

Prevention tips:

• Protect communications with strong encryption and properly validated digital certificates;
clients must fail closed when they cannot verify the server's certificate.
• Set strong, unique admin credentials on routers and access points, change them regularly, and
keep the firmware updated.
• Serve your website only over HTTPS with a valid TLS certificate, redirect HTTP to HTTPS, and
send an HSTS header so browsers refuse downgraded connections.
• Authenticate the peer with public-key mechanisms (certificate validation, or mutual TLS and
RSA/ECDSA keys for service-to-service links) so you know you are talking to the right entity; a
password sent over an unverified channel proves nothing about who is on the other end.

2. Phishing Attacks

In a phishing attack, attackers send fraudulent communication that appears to come from a
legitimate source, usually by email or text message. The aim is to steal sensitive information
such as card details and login credentials, or to install malware on the victim's device.

For example, the attacker poses as an entity the victim interacts with regularly (a bank or an
employer) and sends a message asking them to click a link or open an attachment. The link leads to
a look-alike website that asks for login credentials, and the attachment typically carries malware
that infects the victim's device.

Phishing attacks can be of various types:

• Spear phishing
• Deceptive phishing
• Pharming
• Whaling
• Evil twin phishing
• Clone phishing

Prevention tips:

No filter stops every phishing attempt from reaching an inbox, but you can avoid falling for the
ones that get through:

• Hover over a link to see where it really leads. If the destination does not match the text or
the claimed sender, do not click it.
• Don't panic and click impulsively. If a message is unexpected or alarming, confirm with the
source using a phone number or address you already have, not one given in the message.
• Analyze the email headers. Compare the From address with the Reply-To and Return-Path: a
sender domain that does not match the claimed organization, or a Reply-To pointing elsewhere,
is a red flag, as is a failed SPF, DKIM or DMARC result in the Authentication-Results header.
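The two header checks and the link-text check above can be automated. The code below is an added example, not part of the original article: it parses a constructed sample message (the addresses and hosts are invented), flags a Reply-To or Return-Path whose domain differs from the From domain, and flags anchors whose visible text names a different host than the `href`. The exact-domain comparison is a simplification; a production filter would compare registrable domains and consult authentication results.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not a real e-mail): display name claims a bank, Reply-To and
# Return-Path point elsewhere, and the link text shows one host while the href
# goes to another.
SAMPLE_RAW = """\
From: "Example Bank Alerts" <alerts@bank.example>
Reply-To: support@bank-example-secure.test
Return-Path: <bounce@mailer.test>
To: victim@customer.example
Subject: Urgent: verify your account
Content-Type: text/html; charset=utf-8

<p>Click <a href="http://login.bank-example-secure.test/verify">https://bank.example/login</a></p>
"""

def domain_of(addr: str) -> str:
    """Domain part of a user@host address, lower-cased, angle brackets stripped."""
    return addr.rsplit("@", 1)[-1].strip("<> ").lower()

class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def phishing_indicators(raw: str) -> list[str]:
    """Return human-readable red flags found in a raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    flags = []
    from_domain = domain_of(msg["From"].addresses[0].addr_spec) if msg["From"] else ""
    for header in ("Reply-To", "Return-Path"):
        value = msg[header]
        if value and domain_of(str(value)) != from_domain:
            flags.append(f"{header} domain differs from From "
                         f"({domain_of(str(value))} vs {from_domain})")
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        parser = _LinkCollector()
        parser.feed(body.get_content())
        for href, text in parser.links:
            target = urlparse(href)
            shown_host = None
            if "://" in text:                       # text looks like a full URL
                shown_host = urlparse(text).hostname
            elif "." in text and " " not in text:   # text looks like a bare host
                shown_host = urlparse("//" + text).hostname
            if shown_host and target.hostname and shown_host != target.hostname:
                flags.append(f"link text shows {shown_host} but href goes to {target.hostname}")
            if target.scheme == "http":
                flags.append(f"link to {target.hostname} is plain http")
    return flags

if __name__ == "__main__":
    for flag in phishing_indicators(SAMPLE_RAW):
        print("-", flag)
```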

Read now: Types of Phishing Attacks and Important Prevention Tips

3. SQL Injection

SQL injection is a web security threat in which an attacker interferes with the SQL queries an
application sends to its database. Applications build these queries from user input; when that
input is pasted into the query text instead of being passed separately as a value, the attacker
can change the meaning of the query and bypass the application's access controls.

For example, the attacker enters SQL fragments into the input fields of a form or into URL
parameters. If the injection succeeds, the attacker can read data they should never see (personal
data, customer records, intellectual property, business secrets), modify or delete records, and on
some database configurations read files or run commands on the server.

SQL injection succeeds wherever the application builds queries by concatenating untrusted input
into SQL text, whatever the language. PHP and classic ASP applications using dynamic SQL are
frequent examples, but no language or framework is immune.

Prevention tips:

The reliable way to prevent SQL injection is to use parameterized queries (prepared statements)
for every query that involves user input, so that values are never parsed as SQL. Validate input
as well, and allow-list the few things that cannot be parameterized, such as table or column
names and sort directions. "Sanitizing" input by stripping dangerous characters is not a substitute
for parameterization. A Web Application Firewall adds a second layer that blocks many known
injection patterns, but WAF rules can be bypassed, so it should never be the primary defense.

4. Brute Force Attacks

A brute force attack aims at cracking a victim's username, password or PIN for a website. The
attacker uses trial and error, trying username and password combinations until one works and
the account opens.

This may sound impractical at first. A password of at least 8 characters drawn from the 95
printable ASCII characters (upper and lower case letters, digits and symbols) has 95^8, roughly
6.6 x 10^15, possible values, far too many to try by hand.

This is why attackers never do it manually: they run a script or bot that keeps submitting guesses
until one succeeds. Against a live login page the rate is limited by the network and the server,
so attackers lean on lists of common and leaked passwords rather than exhaustive search. Against a
stolen password hash, dedicated hardware tries billions of guesses per second, so short or
predictable passwords fall in minutes to hours.
Brute force attacks are also of various types:

• Dictionary attack
• Hybrid brute force attack
• Credential stuffing
• Reverse brute force attack
• Simple brute force attack

Prevention tips:

• Require strong, unique passwords. Length matters more than forced symbol rules; a password
manager makes long unique passwords practical, and checking new passwords against known
breached-password lists stops the most common guesses.
• Use multi-factor authentication on your login pages, so that even if a password is compromised
the attacker still cannot get into the account.
• Limit login attempts: after 4 or 5 failures, lock the account temporarily or add a growing
delay. A permanent lockout lets an attacker lock real users out on purpose, so keep lockouts
short. Rate-limit per source IP as well, since credential stuffing spreads a few attempts over
many accounts.
• Enable a CAPTCHA on the login page. Its challenges are designed for humans, so it thwarts most
bots and scripts, though determined attackers can outsource or automate solving it.

5. Cross-Site Scripting (XSS) Attacks

XSS is another type of injection attack. Unlike SQL injection, the injected code runs on the
client side, in the victim's browser.

The attacker gets script into a page served by a legitimate website or web application, so that
when a user loads the page the browser executes the attacker's code with the privileges of that
site. The application becomes the medium through which its users' browsers are compromised.

In stored XSS the attacker finds an input the application saves (a comment, a profile field) and
plants a payload in its database; every user who requests the page gets the payload embedded in
the HTML. In reflected XSS the payload travels in the request (typically a crafted link) and is
echoed straight back in the response. In DOM-based XSS the page's own client-side script inserts
untrusted data into the document without encoding it.

XSS payloads are almost always JavaScript. Historically VBScript, ActiveX and Flash were also
used, but modern browsers no longer support them; CSS injection remains possible. Forums, message
boards and comment sections are the usual targets.

Cross-site scripting is often rated less severe than SQL injection, but you still need to protect
your application and its users from it. With injected JavaScript an attacker can:

• Read the user's session cookies (if they are not HttpOnly) or otherwise act within the user's
session, performing actions on the user's behalf and stealing personal information.
• Modify the page's DOM, altering content, injecting fake login forms or redirecting the user.
• Combine XSS with social engineering such as phishing to carry out keylogging, trojan delivery,
identity theft, site defacement and similar attacks.

Prevention tips:

• Don't trust any user input. Validate all HTTP input the user controls (parameters, headers,
cookies, uploaded content).
• Encode output for the context it lands in: HTML escape for element text, attribute escape for
attributes, JavaScript string escape inside scripts, URL encode in URLs, CSS escape in styles.
Encode at the point of output rather than trying to filter input, since the same value may be
rendered in several contexts.
• Set the HttpOnly flag on session cookies so client-side JavaScript cannot read them, along with
Secure and SameSite.
• Add a Content Security Policy (CSP). CSP does not detect XSS; it limits what injected script
can do by restricting script sources, and its reporting mode tells you when a policy is violated.
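The output-encoding tip is where most XSS fixes live, and the context matters. The following is an added example (not code from the article) for a server rendering user comments: a vulnerable renderer, a safe renderer that encodes for element text and attribute context, a helper for the inline-script context where HTML escaping is the wrong tool, and the cookie and CSP headers the other two tips call for. The payloads are constructed test inputs; the CSP shown is a reasonable starting policy, not one the article prescribes.

```python
import html
import json

# Added example: context-aware output encoding, HttpOnly cookie, and a CSP header.

PAYLOAD = "<script>alert(document.cookie)</script>"       # element-text injection
ATTR_PAYLOAD = '" autofocus onfocus="alert(1)'              # breaks out of an attribute

def render_vulnerable(comment: str) -> str:
    """User text dropped straight into HTML: stored/reflected XSS sink."""
    return f'<div class="comment">{comment}</div>'

def render_safe(comment: str, author: str) -> str:
    """html.escape for element text; quote=True additionally encodes " and '
    so the author value is safe inside a quoted attribute."""
    return (f'<div class="comment" data-author="{html.escape(author, quote=True)}">'
            f'{html.escape(comment)}</div>')

def js_string(value: str) -> str:
    """Encode a value for embedding in an inline <script> as a string literal.
    The browser does not decode HTML entities inside <script>, so JSON-encode
    and then escape characters that could close the tag or break the parser."""
    encoded = json.dumps(value)
    return (encoded.replace("<", "\\u003c").replace(">", "\\u003e")
                   .replace("&", "\\u0026")
                   .replace("\u2028", "\\u2028").replace("\u2029", "\\u2029"))

def render_script(value: str) -> str:
    return f"<script>var comment = {js_string(value)};</script>"

CSP = ("default-src 'self'; script-src 'self'; object-src 'none'; "
       "base-uri 'self'; frame-ancestors 'none'")

def set_cookie_header(session_id: str) -> str:
    """HttpOnly keeps the session cookie out of document.cookie; Secure and
    SameSite narrow where the browser will send it."""
    return f"session={session_id}; HttpOnly; Secure; SameSite=Lax; Path=/"

if __name__ == "__main__":
    print(render_vulnerable(PAYLOAD))
    print(render_safe(PAYLOAD, ATTR_PAYLOAD))
    print(render_script("</script><script>alert(1)</script>"))
    print("Content-Security-Policy:", CSP)
    print("Set-Cookie:", set_cookie_header("abc123"))
```

Note that `html.escape` alone would not protect the script context: `</script>` contains no character that HTML escaping changes inside a script block, because the HTML parser ends the script element before any entity decoding happens. Hence the separate `js_string` helper.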

6. Malware attacks

A malware attack is any attack in which unwanted software is installed on a system without the
owner's consent. Vulnerabilities in applications, or users tricked into running a file, are the
usual entry points; once running, the malware carries out the attacker's goals on that system.

Some common types of malware are:

6.1. Ransomware

Ransomware takes control of the victim's data and blocks access to it, threatening to publish or
delete the data unless a ransom is paid. Simple screen-locking ransomware can often be removed by
someone with enough technical knowledge. More advanced variants use cryptoviral extortion: they
encrypt the user's files with keys only the attacker holds, so the data cannot be recovered
without the decryption key (or without offline backups).

6.2. Trojans

A Trojan, or Trojan horse, is malware hidden inside or disguised as a legitimate program. A Trojan
can open a backdoor that the attacker exploits later: for example, it may listen on a
high-numbered port to which the attacker connects to take control and stage further attacks.
6.3. Spyware

As the name suggests, spyware is installed to spy on users and collect their personal information,
browsing habits, system details and so on. Spyware can record everything you do in an application
or on a device, and may also download other malware from the internet.

6.4. Droppers

A dropper carries or downloads the real payload and installs it. Because the dropper itself may
contain no malicious code, it often slips past anti-virus software.

6.5. Macro Viruses

Macro viruses are written in the macro language of applications such as Microsoft Word or Excel.
They are stored inside documents and run when the document is opened with macros enabled,
executing the attacker's instructions before the user has done anything else. They then copy
themselves into other documents and templates on the computer.

Prevention tips:

• Install a web application firewall in front of the site.
• Keep the server, its frameworks and plugins patched, since vulnerabilities are the usual way in.
• Install anti-virus and anti-malware software.
• Run website scans and audits regularly, and monitor the web root for files that were added or
changed outside of a deployment.
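Regular scans catch malware that has already landed on the server. The following is an added example, not code from the article, of the simplest useful scan: a file-integrity baseline of the web root. It hashes every file once, later reports what was added, changed or removed (which is how webshells and injected scripts usually show up), and runs a small keyword heuristic over the changed files. The `demo` function builds a throwaway web root in a temporary directory and tampers with it; the file names, contents and the token list are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Added example: file-integrity baseline and diff for a web root.

def baseline(root: Path) -> dict[str, str]:
    """Map of relative path -> SHA-256 for every regular file under root."""
    digests = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        h = hashlib.sha256()
        with path.open("rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        digests[str(path.relative_to(root))] = h.hexdigest()
    return digests

def compare(old: dict[str, str], new: dict[str, str]) -> dict[str, list[str]]:
    """Files added, removed or modified between two baselines."""
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in old.keys() & new.keys() if old[p] != new[p]),
    }

# Heuristic only: tokens that appear in most PHP webshells (assumed list).
SUSPICIOUS_TOKENS = (b"eval(", b"base64_decode(", b"system(", b"shell_exec(")

def suspicious_files(root: Path, paths: list[str]) -> list[str]:
    """Among the given relative paths, those containing a suspicious token."""
    hits = []
    for rel in paths:
        data = (root / rel).read_bytes()
        if any(tok in data for tok in SUSPICIOUS_TOKENS):
            hits.append(rel)
    return sorted(hits)

def demo() -> tuple[dict[str, list[str]], list[str]]:
    """Constructed scenario: baseline a tiny web root, then tamper with it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "css").mkdir()
        (root / "index.php").write_text("<?php echo 'hello'; ?>")
        (root / "css" / "site.css").write_text("body { margin: 0 }")
        before = baseline(root)
        # Attacker edits a page, drops a webshell and deletes a file.
        (root / "index.php").write_text("<?php eval(base64_decode($_POST['c'])); ?>")
        (root / "uploads.php").write_text("<?php system($_GET['cmd']); ?>")
        (root / "css" / "site.css").unlink()
        diff = compare(before, baseline(root))
        return diff, suspicious_files(root, diff["added"] + diff["modified"])

if __name__ == "__main__":
    changes, hits = demo()
    print("changes:", changes)
    print("suspicious:", hits)
```

In practice the baseline is taken right after a clean deployment and stored off the server, so that an attacker who gains write access to the web root cannot also rewrite the baseline.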

7. DDoS attacks

One of the most common website security threats in eCommerce, a Distributed Denial of Service
attack aims to overwhelm an application's servers or network links so that legitimate requests
can no longer be processed and the site goes down.

The attacker first infects a large number of machines with malware and takes control of them,
forming a botnet. These machines are then directed to send huge volumes of traffic to the target,
exhausting its bandwidth, connection tables or application resources until the service fails.

DDoS attacks are also of various types:

• TCP SYN flood attack
• Teardrop attack
• Smurf attack
• Ping of death attack
• HTTP flood (application-layer attack, typically launched from a botnet)

Prevention tips:

• Deploy firewalls, including a Web Application Firewall for application-layer floods. Note that
no on-premises device helps once a volumetric flood saturates your upstream link.
• Use RFC 3704 ingress filtering at your edge (and ask your ISP to do the same) so that packets
with spoofed source addresses are dropped before they reach the application.
• Blackhole filtering drops all traffic to the attacked address upstream. It protects the rest of
the network but completes the outage for that address, so it is a last resort.
• A CDN or a DDoS scrubbing service absorbs and filters attack traffic before it reaches your
origin, and is the only practical answer to attacks larger than your own bandwidth.

Last Word
Web security threats will only get more sophisticated with time, so it's important to stay
up to date on the threats businesses face at any given moment and on how to prevent them.
