History Sniffing is an umbrella term that defines different techniques used to monitor the web browser history for diverse purposes including the launch of a cyber attack. Although it is an old trick, the technique is still being used for victimizing internet users. In the recent times, studies have shown a rise in the types and numbers of history sniffing cyber attacks for the sheer ease of launching such attacks.
How Is History Sniffing Cyber Attack Launched?
- The cyber attackers create fake online advertisement and preload attacker code in this ordinary looking advertizement.
- The code is embedded with a list of target websites (the websites that hackers want to know if the user has visited).
- When user clicks on the advertizement, the code starts running and checks the browsing history for target websites.
- If the user has visited any of the target websites, the program will indicate a match to the hacker.
- The hackers then redirect the victim to corresponding fake version of the website to cause further damage.
How Are History Sniffing Attacks Used?
The data collected by history sniffing attacks is used as a foundation for other types of cyber attacks by hackers.
- Phishing: Hackers use history sniffing techniques to find out the financial organization websites visited by the victim. This data is then used to launch customized phishing attacks which automatically match every victim to a fake page of actual financial organization. The victims are tricked into filling their financial details which can be used by hackers to steal money from users’ accounts.
- Stalking: History sniffing can be used to stalk internet users by keeping an eye on their browsing behavior. Hackers may keep a track of social media pages or locations saved in the browser history. Stalking may cause some serious problems for the victim such as kidnapping, physical damage, assault, etc.
- Identity Theft: It is common for internet users to save their login details or choose the option to ‘keep Logged In’ on their browser. Hackers can use history sniffing coupled with other malicious code to check the social media profiles logged in on the browser and access these profiles to pose as the user. They can further use these accounts to send unauthorized messages, post fake news, etc.
For more information on history sniffing cyber attacks, call Centex Technologies at (972) 375 - 9654.
17. February 2021 14:20
Year 2020 has witnessed a great rise in number of cyber-attacks, specially Ransomware attacks and Business Email Compromise (BEC) attacks including phishing, spear phishing and whaling. These attacks result in data and financial losses. Another reason that has resulted in hike in threat of data threat and data exfiltration is increased number of remote employees due to COVID-19.
The major risk involved in data loss is associated with storing data on-premise or endpoints. Thus, it has become imperative for businesses to adopt a cloud-first approach to data protection.
Here is a step-wise approach to implementing cloud-first data protection strategy:
- First step is to determine if you can trust the cloud service provider’s platform. Analyze if the service provider can meet the data storage requirements of the organization and has the capacity to adapt to any changes to organization’s backup and recovery plans in the future. Check if the provider can:
Support all cloud models including private, public and hybrid.
Protect data on servers, desktops, mobile devices, and third-party cloud apps.
- Know about the data security practices implemented by the cloud service provider. It is important to ensure that organizational data should be encrypted both in flight and rest to avoid unauthorized access.
- Be prepared to combat a data theft attack by designing a well-defined data recovery plan. Ask the cloud service provider, if there is a recovery action plan such as redundant data centers, secondary data center at a different location, etc. for such situations.
- Relying solely on manual processes to back up mission-critical data can be ineffective. As organizations create a large amount of data everyday, manual data backup and management is no longer feasible. Also, processes such as Cloud, DevOps, and automation movements account for a dynamic business environment which further solidifies the need for automated backup policies.
- Consider the level of tech support that the organization would require in case any issue with cloud backup or cloud data management is detected. It is important to have a pre-hand knowledge about how to contact the cloud service provider to reduce the response time. Ask the cloud service provider if it offers different support channels such as Email or chat. Also, make sure that the provider offers 24*7 support across different time zones.
What Are The Benefits Of Cloud-First Approach To Data Protection?
- Cost savings
- Streamlined and coordinated approach
- Reduced human error
- Improved recovery abilities
For more information on cloud-first approach to data protection, call Centex Technologies at (972) 375 - 9654.