Nate Drake explores some of the more insidious cybersecurity threats of 2024, as well as ways to keep your PC safe

©PEXELS/MIKHAIL NILOV (FREE TO USE)

The internet has never been more dangerous. In April, a Microsoft Employee stumbled across a cunningly coded Linux backdoor that could have compromised virtually every major website.

Generative AI promises to transform users’ desktop experience. But cybercriminals are using LLMs to generate well-written phishing messages, as well as malicious code.

Traditional ways to protect your online privacy like VPNs are also being undermined by increasingly sophisticated ‘fingerprinting’ techniques.

Protecting your PC is largely a matter of developing good habits such as regular updates and using integrated tools. In this guide, you’ll gain some insight into the state of cybersecurity for 2024, as well as some ways to keep your device safe.

SECURE BROWSERS

POSITIVES

✘ Easier detection of bugs

✘ Compatible with privacy plugins

✘ Resistant to browser fingerprinting

NEGATIVES

✘ Can’t protect against all phishing

✘ NoScript can make pages load incorrectly

✘Tor Browser is slow

AS ONE of the most commonly used web applications, browsers are a prime target for cyberattacks. According to a recent report by Menlo Security, browser-based phishing attacks increased by 198 percent in the last year.

It’s likely that this trend will continue in 2024, with common attacks including SMS phishing (smishing), Adversary in the Middle (AITM) frameworks, image-based phishing, and attempts to bypass MFA (multi-factor authentication).

In early 2024, Apple patched a ‘zero day’ exploit in its WebKit browser engine for Safari. They claimed this bug could be used by hackers to remotely execute code, though they didn’t go into further details.

A major bug was also discovered in Chrome in early 2024, which could be exploited by hackers using a crafted HTML page. This was considered extremely serious, as it seems that hackers had already been taking advantage of it.

Whichever browser you use, the best protection against ‘zero day’ bugs is to keep your software up to date. This may sound obvious, but many cybercriminals rely on our very human tendency to click ‘Update Later’.

The steps for updating will vary by browser. In Chrome, for instance, you can click more (...) > Help > About Google Chrome > Update Google Chrome. If you don’t see this, then Chrome is up-to-date.

When it comes to browser security, adopt Linus’ law: ‘Given enough eyeballs, all bugs are shallow’. In this case, this means you’re safer using a reliable open-source web browser over proprietary ones like Chrome and Safari. As the code is publicly available, it’s more likely that bugs will be discovered and patched.

Security expert Manfred Paul aptly demonstrated this in late March by announcing his discovery of two major vulnerabilities in the Firefox browser at a two-day ‘hackathon’ in Vancouver. Both could be used to inject arbitrary JavaScript code. Mozilla issued a patch, and awarded Paul a $100,000 bug bounty.

Even when the code acts as it should, according to a March 2024 article by programmer Nikita Prokopov, JavaScript on web pages is becoming bloated, not only making for slower loading times, but increasing your attack surface.

One of the best ways to tackle this is through using the browser plug-in NoScript (https://noscript.net/), which blocks arbitrary code from executing on web pages. You can, of course, permit specific scripts to run or allow JavaScript globally on sites you know are safe. The plugin comes bundled with certain programs, like the Tor browser, but can also be installed via sites like the Firefox Add Ons Page and the Chrome Web Store.

NoScript also offers excellent protection against ‘browser fingerprinting’, where sites analyze your browser configuration like your screen resolution, supported languages, installed fonts, and so on to form a unique ‘fingerprint’ of your activity. This is usually done for advertising purposes, but can be used to identify you, even if you’ve hidden your IP address by a VPN or proxy.