Your brain is the most powerful defense against Internet threats
The BBC reports that users of the popular video streaming website Twitch.tv are attacked on the site which can lead to the buying, selling or trading of virtual user items on the gaming platform Steam.
Attacks are carried out via links that get posted in chat on the site according to F-Secure which reported about it first. The messages invites users to participate in weekly raffles for a chance to win virtual items for the game Counter-Strike Global Offensive, the most recent version of the popular Steam game.
Users who click on those links load a Java program which asks them for information. While it is unclear if those information are processed at all, it is clear that the program drops malicious software on the user system which allows the attacker to perform a series of commands including adding new friends on Steam, buying items with user money, sending trade offers, selling items on the market and accepting trade transactions.
Virtual items can be bought, sold and traded on Steam with some items being sold for thousands of Dollars. While the average amount is lower than that, most games have rare items that are offered for one hundred or even more Dollars.
These types of attacks, and Twitch is just an example of one attack on one site, can be addressed in several ways:
- The site that is bombarded with them could add security checks or notifications, just like Valve has done on Steam recently. These would warn users to click on links posted by unknown parties.
- The browser/operating system manufacturer could improve security.
- User education.
If a user cannot distinguish between a legitimate link and a malicious one (click on this link and a Nigerian prince will send you $10 million US Dollars for safe keeping), then this is without doubt the biggest problem.
While companies can improve security on their end, there will always be ways for attackers to exploit the naivety of Internet users.
Raffles, quizzes, surveys, phishing emails and others are used for a long time by attackers and nothing seems to have changed in that time. Users still fall pray to those scams even though magazines and sites report about them all the time.
System and program security has improved as well in that time but that does not seem to keep users safe on its own. While it may help somewhat, attackers are ingenious enough to find new attack forms or variations of existing ones to exploit.
The only thing that will help in the long run is user education. This does not have to be in form of an hour-long session either as there are only a few rules that users need to follow to improve their security on the Internet significantly:
- Use your brain. If something seems too good to be true, it usually is.
- Don't click on links in emails or chats if you don't know the sender. Even then, think about it first before you click.
- Don't click "next" or "ok" when prompts appear without knowing what this is about.
Now You: Have something to add? Feel free to share it with all of us in the comment section below.Advertisement