Whether and how safe we are online? – Black Week
A global leader in next-generation security, Sophos protects more than 400,000 companies from the most advanced cyber threats. companies of all sizes in over 150 countries. Sophos solutions leverage the cloud and artificial intelligence to secure endpoint devices (laptops, servers and mobile devices) and networks from evolving cybercriminal methods. The company decided to study the issue of Black Week in terms of security.
Krakow, November 25, 2021 – Sophos analysis shows that as many as 95% of websites benefits from encrypted content transmission. The remaining 5% are m.in. Sites that incorporate tools to track users for advertising purposes (the so-called “mobile game”) are more acceptable. trackers), harmless in terms of cyber security. On the occasion of Black Friday, millions of customers will browse online or use Wi-Fi in shopping malls while shopping. The Internet has never been safer for users, but this does not mean that threats have disappeared. Is there anything to fear when it comes to data privacy?
Wi-Fi more secure than you might think
Data transmission on public Wi-Fi networks is generally unencrypted, therefore it is assumed that using them is not safe. Indeed, virtually everyone in radio coverage (to the ok. 100 meters from the access point) can “suspect” information sent between the user’s device and websites, such as passwords and logins, but only when entered on unsecured sites. To successfully carry out such an attack, the criminal must be close to the victim. Low income and limited reach of this method cause cybercriminals to prefer to use other techniques such as phishing or ransomware, which do not require being in sight of the victim.
– For most users, activities on public Wi-Fi networks are safe, and browsing Facebook, email or Black Friday and Cyber Monday deals through them does not carry much risk. Of course, there is always some risk of information being intercepted, but unless you are a high-profile politician or celebrity, we can assume that the risk is low. Those who are nevertheless concerned about their data may want to consider using a VPN and the DNS over HTTPS feature available in their browser settings. If your concerns are about mobile banking security, it makes sense to switch to cellular data for your transactions – advises Grzegorz Nocoń, Systems Engineer at Sophos.
A locked padlock isn’t everything
In 2013, when Edward Snowden revealed how much information authorities were collecting about users, only 27.5% of websites used encrypted data transmission – Currently it is about 95%. Users have become accustomed to looking for the prefix “HTTPS” at the beginning of a website address. The accompanying closed padlock, however, does not mean that the site is fully secure. It can still be used for ransomware or phishing attacks. A criminal may e.g. intercept a landing page and redirect traffic to another address where it collects login credentials, or even obtain a valid certificate for the fake website phishing.
Security on the shoulders of stores and administrators
Even the transmission of data from the site where it is transmitted over HTTPS, can be compromised by criminals, if no additional protection is used, the so-called. HSTS (HTTP Strict Transport Security). The mechanism enforces the use of encryption, so a criminal cannot redirect a connection to an unsecured site to intercept transmitted information. Analysis by Sophos researchers shows that up to 61% Closed padlocked sites that are marked as HTTPS compliant, does not benefit from HSTS protection, are therefore vulnerable to attack. These are clearly not the sites that criminals care most about, such as social media, email, office applications, financial institutions or dating sites. Clearly, however, there is still are not commonly used Features that are free for site administrators and provide significant security improvements.