Newsletter
With an increasingly large percentage of sales being made at least partially online, the retail and cybersecurity sectors are going to be inseparably linked going into 2021. As people purchase more products online, they’re going to be sharing their financial credentials with an ever-growing number of different eCommerce companies. If any of these services don’t properly secure data they collect from consumers, then the consequences could be extremely costly.
Web browser developers are now placing eCommerce ads on new tab pages that show up when their programs are first launched. Experts are warning that this is going to further exacerbate the problem. Users who take the time to verify the identity of each organization they deal with online should fare better than most, however.
Frequent online shoppers need to be aware of the fact that they could be dealing with a fraudulent business venture that’s out to collect information about them.
Analysts See Uptick in Number of Online Impersonations
Cybersecurity analysts are warning that there could be a drastic uptick in the number of phishing scams as we enter the first quarter of fiscal year 2021. They’re suggesting that users try doing a general search for any company they’ve never heard of if they plan on purchasing goods or services from them. Both Google and Bing prioritize search results from legitimate organizations, which means scam reports will rank higher than phishing portals on results pages.
Users should also make sure to clear out their browser cookies when shopping online. The key-value pairs stored in cookies are often used to identify individual users when they visit a site. Online impersonators often use packet sniffers to intercept cookies and then steal them so they can spoof requests from legitimate shoppers.
Simply cleaning out browser caches on a regular basis can go a long way toward reducing the risk of this kind of an attack. Unmanaged packet sniffers only work when they can intercept data sent through an unsecured HTTP connection. All users need to do is switch around a few browser options to enforce HTTPS connections on every site they visit.
Those who want to ensure that they’re always secure when browsing the web can also rely on a virtual private network service. Google recently announced that their Google One-branded VPN should work with all Android mobile devices, but there are a number of options for those who want to lock down all of their gear. Speaking of gear, your routers shouldn’t be ignored. Fortunately, some really good options exist in the under 100$ range, which can dramatically boost your security.
Choosing the Right VPN for 2021
For several years, netizens have primarily selected VPN services based on which ones allow them to stream the widest variety of video content. Picking a service in this way isn’t necessarily wrong, but enterprise users have to be sure that they juggle a number of competing demands when picking a service.
Vendor neutrality is probably the biggest issue. As more VPNs try to capture a specific market niche, there’s a risk that certain services may end up providing support for only a single platform. According to a recent Surfshark review, that VPN has added support for Windows and Macintosh computers as well as the Android mobile ecosystem. GNU/Linux users as well as those who own iOS devices shouldn’t have any difficulties with the software either.
Enterprise-level system administrators will want to keep an eye out for services that offer this degree of flexibility, since they more than likely can’t afford to be tethered to a single platform. They also shouldn’t ignore more traditional security features, like those related to password storage.
Protecting Cybersecurity Fundamentals in 2021
Computer scientists have been claiming that passwords would be phased out by facial unlock systems and other types of sophisticated user interface elements. However, it doesn’t look like most sites will phase out passwords any time soon. Considering that many password crackers now leverage the power of external GPU modules to guess an even larger number of possible matches every minute, users need to redouble their efforts to create good strong passwords.
There’s no reason that they necessarily have to remember most of their login credentials, however. While it was historically unsafe to stash passwords away in a manager window, there’s no reason that users shouldn’t take advantage of any special features that their browsers provide today. Advances in encryption algorithms have made it nearly impossible for crackers to actually gain access to the underlying plain text of any login credentials stored inside of a commercial-grade web browser.
Post-quantum confidentiality software modules are helping to improve not only the encryption levels of these passwords but actually all forms of text that travel over the web as a whole. When documents are transmitted over the web, they’re often converted to some sort of encoded text. That means this will enable those files to remain secure as well.
As hardware continues to get faster and quantum computing algorithms become more widespread, this sort of technology is going to be that much more vital.
Preventing Brute Force Attacks Against Public Keys
Cryptographic public key algorithms could be potentially weak against attacks carried out by next-generation quantum computers. At one point, security experts weren’t very interested in the possibility of these kinds of attacks because relatively few criminal organizations could ever muster enough money to invest in the hardware needed to carry one out.
By early 2021, however, it’s likely that the collective computing power of some botnets will equal that of a hypothetical quantum computer. In some areas, average attack volumes could reach upwards of 4.9 GB/s. As more crackers leverage the power of AI routines to seek out weak public keys that they could carry out a brute force attack against, the dangers of someone using this kind of botnet to gain access to huge repositories of passwords.
In 2015, someone used the distributed Luminati botnet to send thousands of otherwise legitimate POST requests to 8chan’s server in under half a minute. Think about how many more machines must have been compromised in the last several years and you might begin to get a clear picture of just how powerful some botnet structures are getting.
Security experts are switching to cryptographic algorithms that don’t use any of the three hard mathematical problems that you’d normally see in this kind of code. That dramatically reduces the risk that powerful botnets or even hypothetical quantum computers would be able to guess the passphrase needed to unlock data being sent over a network.
Transport layer security will continue to be a problem even if these lockdowns are put into place. Currently, TLS 1.3 is only enabled by default on preview builds of Blink-based browsers. That means whether you’re running Microsoft Edge or the open-source Chromium browser, there’s a good chance that your networking stack is relying on an older standard.
Flipping a few browser flags should be all that it takes to enable newer protocols. In fact, users might want to take the time to glance through the many pages of flags that modern browsers offer in order to ensure they’re not relying on any other dated technologies.
While it might seem inconvenient, taking a few extra moments to improve your security position now can save a substantial amount of time as we move into the new year.