Browsing the web these days can lead to security threats with very bad implications. Forcepoint (formerly known as Websense) found that in 2013, malicious websites had “increased by nearly 600 percent worldwide”. We’re now in 2016 and that figure is still rising significantly.
Below, are some of the key report findings from Forcepoint:
- Each week, organizations faced an average of 1,719 attacks for every 1,000 users.
- Malicious websites increased by nearly 600 percent worldwide.
- North American malicious sites increased by 720 percent and EMEA saw a 531 percent increase.
- Legitimate web hosts were home to 85 percent of those malicious sites.
- Half of web-connected malware downloaded additional executables in the first 60 seconds.
- Only 7.7 percent of malware interacted with the system registry – circumventing many behavioural detection systems and antivirus solutions.
- Thirty-two percent of malicious links in social media used shortened URLs. Once cybercriminals gain access to a host, they typically hide their own malicious pages deep in the directory tree. This process generates very long and complex web links that might tip off a wary user. Link shortening solves that problem.
How do these malicious websites typically function? Sophos, a leader in Antivirus software and spyware, has stated that “hackers now use sophisticated techniques—like injecting inline JavaScript—to spread malware through the web”. JavaScript can enhance user interfaces and provide better web functionality. The downside, is that JavaScript can also be malicious, exploiting many of your client-side vulnerabilities. This isn’t even the worst of it – hidden JavaScript code within websites can also secretly redirect your web traffic to malicious websites in the background!
So, knowing that there are now a huge number of malicious websites on the web that are mostly running some form of JavaScript, how do you best protect yourself?
NoScript works with the Firefox web browser. It is an extension that provides extra protection for web surfing. It does this by preventing JavaScript from executing in websites, unless you have specifically whitelisted them. This preemptive blocking approach prevents exploitation of security vulnerabilities and allows you to be in control. Whitelisting websites and making NoScript remember them as trusted, ensures that you now have one of the most powerful protection tools available in a web browser! No more JavaScript will run in the background of unknown sites you visit and better yet, NoScript now also supports anti-XSS (cross-site-scripting) attempts and anti-clickjacking!
You can download and start using NoScript free of charge from the following URL: https://noscript.net/