July 27th, 2018

Security News: The Latest in Website Security Threats

Author: Alex Beaudin
Alex Beaudin
Project Manager

Ahh, hackers. Unfortunately for the general Internet user population, those kids in basements stealing all of your information and blackmailing you with your audition tapes for Real World haven’t gone anywhere. So this week, we’re going to talk about what they’ve been up to in recent months.

We like to stay up on our cybersecurity here at build/create, and not just website security. So today I’ll share with you some general cybersecurity threats to be on the lookout for.

Phishing/Social Engineering

We humans are a species full of mistakes. Take Skynet, for instance. If we hadn’t invented Skynet, Terminator never would have come back to kill Sarah Connor, and Arnold Schwarzenegger would never have become the governor of California.

Well, Skynet wasn’t our last mistake. Human error has been the leading cause for information security breaches since 2015 (source: shrm.org). With that unsurprising fact in mind, let me elaborate.

BREAKING: Justin Bieber dead at 25 of drug overdose.

I mean, I would click that link if it were shared on Facebook. Who wouldn’t? Especially if it were sent to you in a message from a friend.

Facebook phishers have been using this tactic more and more, where they’ll send you a fake video, fake headline link, etc, and when you click it poof, you’ve got malware. This tactic will be used frequently when a celebrity actually does die, too, like Robin Williams. I mean, these people are hackers. They have no morals.

This is a pretty basic example of social engineering and I could write about it forever. So I won’t.

Internet of Things (IoT) infection

Just like in Mr Robot (a highly technically accurate show), hackers can take over your smart home, most likely with far more ease than your computer.

With the recent rise of IoT, there hasn’t been nearly enough time to properly secure IoT devices. That said, there are plenty of holes in their networks, and if you have IoT devices in your home (think smart thermostats, smart refrigerators, AI assistants, etc), you have vulnerabilities in your home network.

That’s not to say that all hackers that penetrate your home network are out to get your personal information — some just want to use your IoT products to conduct massive attacks on higher-level targets, and you would never know the difference. This was the case in the massive Dyn DDOS attack in 2016, when large portions of the Internet were taken down in the US by hacktivist groups.


The absolute scariest security threat that affects just about everyone is the Meltdown/Spectre vulnerability.

If you haven’t heard of it, Meltdown/Spectre is a big deal, for everyone. The official website for the threat has an FAQ question that asks:

Am I affected by the vulnerability?

Which is answered:

Most certainly, yes.

To quote one more time, the description of the hack is this:

Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware vulnerabilities allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.

Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider’s infrastructure, it might be possible to steal data from other customers.

Unfortunately for all of us, this threat can go undetected and basically unnoticed once it’s on your machine.

Since this is the vulnerability that affects most folks, here are a few ways to protect yourself:

  1. Update your software. Just about all Intel processors released since 1995 are exploitable by M/S, however security patches have been released by all of the major operating systems.
  2. Don’t give your IP address out on the dark web. A no brainer for most.

That’s it. There’s not much else that can be done against this guy.

Stay vigilant

One point to keep in mind is that there are always going to be new and scary sounding ways that the scum of the Internet can use to make your life miserable, but that you should not start wearing tin foil hats and living in an electromagnetic basement because of it. We’re a civilized nation, for god’s sake.

In all seriousness, keep your various softwares updated all the time and try to stay away from the most obvious threats, as the majority of threats are fairly obvious when common sense is applied. And make human sacrifices to the internet gods. That is all.

Related Articles