Cyber-fraudsters Target, Media, Space Agency And University Websites To Exploit Vulnerabilities

By Author: eccuni
Total Articles: 211
Comment this article

Recently, the website of Pravda (The Truth), a major Russian newspaper suffered security breach. Cybercriminals allegedly inserted malicious scripts on the site. The malicious scripts are designed to compromise vulnerable computer systems. Security researchers at F-Secure have detected that the webpage surreptitiously load malicious scripts to exploit Java vulnerabilities and installs malware in a user's computer. Usually, cybercriminals alter the home page of the site, leave a message or insert pictures. However, in case of stealth attacks such as the one on Pravda website, the attackers make silent alterations on the site to remain undetected to infect computer systems of large number of visitors. Websites continue to be the favorite target of cybercriminals. Attackers attempt to take advantage of the traffic generated by the websites. Recently, some webpages of NASA, Stanford University and some other American Universities were reportedly rigged by cybercriminals to sell fake software. Attackers allegedly used search engine poisoning to exploit the traffic generated to NASA website before the upcoming launch of the Space ...
... Shuttle Endeavor.

Attackers may gain remote access to the compromised computers by executing malicious code. They may modify, delete or extract sensitive data from the affected systems. Attackers may also use compromised computers to launch spam campaigns. They may also use the systems to launch simultaneous attacks on a target web resource. Internet users must avoid visiting reported forged sites, adhere to the warnings from the vendors and Internet security firms. They must install and regularly update security software to safeguard their systems. They may also adjust the browser settings to avoid automatic execution of malicious scripts. Internet users must use genuine software applications and constantly update their browsers.

Attackers constantly scan websites to exploit vulnerabilities. Cybercriminals may not only target Internet users, but also attempt to gain unauthorized access to the databases associated with the webpages. The extract information could be misused for fraudulent purposes. For instance, attackers target University websites to steal personally identifiable information related to students, faculty members and employees such as names, mailing addresses, e-mail address, contact numbers, course details, enrolment numbers, provident fund details and social security numbers. The stolen information could be misused for applying fake student loans, claim fraudulent tax refunds, redirect mail, identity theft and other fraudulent activities. Websites are susceptible to SQL injection, Cross-site scripting and other forms of attacks. Regular in-depth evaluation through professionals qualified in IT masters degree and penetration testing may help organizations in weeding out security flaws. Organizations may also benefit from the services of Internet security firms to understand weaknesses and initiate mitigating measures. Hiring employees qualified in online computer degree programs may help in safe online computing practices and adherence to security policies of the organization.

Internet security professionals must constantly upgrade their skills to deal with the vibrant challenges in the cyberspace. Online technology degree programs may help professionals in understanding latest threats and security mechanisms. Proactive approach is crucial to strengthen the defenses of the IT infrastructure and improve the IT security environment.