The Web is an amusing yet a very dangerous place. No matter whether you are “an average user” or a webmaster, you should always be prepared. Ransomware, vulnerabilities, security breaches, the list of online threats is endless. Fortunately, cyber criminals are not the only ones working towards the improvements of their code. Thanks to the efforts of infosec experts we have plenty of free cyber security services to rely on when in doubt of a hack or when we just want to double-check our security levels. Below you will find several services that will enhance your protection against cyber-crime. The latter has many faces, so you definitely need a set of tools to be able to recognize all of them.
Note. The services are listed in no particular order.
Cyber Security Services for Users and Webmasters
No More Ransom – NoMoreRansom.org
If you’re closely following the world of ransomware, you may have already heard of NoMoreRansom. It’s a very useful and honorable project created by law enforcement and several security companies.
“Law enforcement and IT Security companies have joined forces to disrupt cybercriminal businesses with ransomware connections“, the project says.
The “No-More-Ransom” website is an initiative by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre and two cyber security companies – Kaspersky Lab and Intel Security – with the goal to help victims of ransomware retrieve their encrypted data without having to pay the criminals.
That being said, if you’re a victim of ransomware, you should definitely go to this security service. The very first thing to do is click on Crypto Sheriff while at the homepage. This is where you are prompted to fill in a form and share the details of your ransomware infection. You will also need to upload two encrypted files and type the email address displayed in the ransom note. This is how the experts will identify the ransomware that has locked your data.
The website also enables you to report your crime. This is a great reminder to any victim of the crypto virus – ransomware is a form of (cyber) crime and shouldn’t be left unpunished!
NoMoRansom also features prevention advice, ransomware Q&A, and several decryption tools.
Have I Been Pwned – HaveIBeenPwned.com
Have I Been Pwned is a project developed by Troy Hunt, “a Microsoft Regional Director and Most Valuable Professional awardee for Developer Security, blogger at troyhunt.com, international speaker on web security and the author of many top-rating security courses for web developers on Pluralsight.”
Troy created the website as a free source for anyone to check whether they have been put at risk due to an online data breach. The website is pretty straightforward to use and is free, which is awesome.
In Troy’s words:
This site came about after what at the time, was the largest ever single breach of customer accounts — Adobe. I often did post-breach analysis of user credentials and kept finding the same accounts exposed over and over again, often with the same passwords which then put the victims at further risk of their other accounts being compromised.
The website provides a list of “pwned”services and the number of user accounts that have been compromised in the particular data breach.
HIBP also offers a domain search – a feature that allows you to locate email addresses on particular domains that have been recently breached. However, you need to verify that you are in charge of that domain before you perform the search.
The feature that is most appealing to “average users” is the option to subscribe to HaveIBeenPwned. You can easily check all of your emails, and you can “subscribe” so that you’re timely notified whenever your email account has been compromised in a data incident.
Considering the frequency of such incidents, using HaveIBeenPwned is highly advisory.
Scan My Server – ScanMyServer.com (for Webmasters)
Scan My Server is a free security testing service for websites and blogs powered by Beyond Security. The service lets you scan your website for security loopholes like cross site scripting (XSS) and SQL injections.
Keep in mind that the testing of your first site is free and the scan can be repeated weekly or monthly. However, if you want to test more websites or you specifically need PCI certification testing, a fee should be applied.
Other Online Scanners Suitable for Webmasters
Another useful security service that should be great to website admins is Detectify. It’s a security service that smoothly integrates into the development process. The service analyzes your website from a hacker’s perspective and reports back with the latest vulnerability findings. It offers a 21-day free trial, so why don’t you take advantage of it?
SiteGuarding is a professional web security service that scans your domain for malware, website blacklisting, injected spam, website defacement. The scanner is compatible with WordPress, Joomla, Drupal, Magento, osCommerce, Bulletin, etc.
VirusTotal and Similar Scanners
There is almost no way that you’re reading this and you’ve never heard of VirusTotal. However, if you truly haven’t…
“VirusTotal is a free service that analyzes suspicious files and URLs and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware.”
Another thing you should know is that VirusTotal is a subsidiary of Google and is perhaps the best online scanning service that checks both URLs and files for malware.
There are also several browser extensions available, like VTzilla for Mozilla Firefox, VTchromizer for Google Chrome and VTexplorer for Internet Explorer. The browser extensions enable the user to download files directly with VirusTotal’s web application prior to storing them in the computer, as well as scanning URLs.