Web-based malware: Drive by’s
It’s what we all do every day. We go online and check our web-based email. We check the latest news on reputable news aggregation sites. Stocks, social media, shopping, weather, traffic…we check all that stuff. Most people assume that if they keep their nose clean and stay away from questionable content, they are safe from malware attacks via the browser. Unfortunately, that is less the case today. Let’s go over drive-by malware attacks and what they can lead to.
The set up: innocent website owners provide content to their customers, us. But not-so-innocent actors are able to embed malware to those sites. Web apps, like all software, are vulnerable despite security measures like web app firewalls and app security testing. Exploit kits embedded in the websites we visit download to our computer, often without us launching them. Once loaded, they take inventory of the apps associated with our browser and beyond. Think about the third-party plug-ins you’ve loaded into your browser. Messaging apps, file reading and media playing apps. More than likely, they have vulnerabilities. Once exploited, these vulnerabilities allow attackers to use our computer for their gain.
The goal of most attacks is to track behavior, steal sensitive information, and use it to get the attacker richer. Spyware is often used to track user web behavior so perpetrators can know what to sell you. But it can also be used to get valuable Personally Identifiable Information. Using the same browser to shop AND do financial transactions creates more risk. Getting to banking information is a jackpot for attackers.
There are measures you can take to help prevent attacks. The usual housekeeping will reduce the risk your organization can face. Patch your apps. Use the safest browsers (check here for known vulnerabilities by browser) Mitre (a Not-For-Profit Organization that operates multiple federally funded research and development centers supporting the US government agencies), provides their Common Vulnerabilities and Exposures to the public. Use separate browsers for online banking. Limit, where possible, the third-party apps and plug-ins for browsers. Update your AV or other endpoint protection. A layered approach to security that includes gateway protection should be part of your defense-in-depth strategy.
For more than 20 years, ContentKeeper has delivered comprehensive, accessible web security solutions for global enterprises, educational institutions and government agencies. We enable our customers to protect their networks, users and data from cyber threats while embracing mobile technology, Internet of Things (IoT) and cloud-based services.
About the author: Paul Hafen is an 18-year veteran in the Cybersecurity field. He’s co-founder of a security firm and has worked with hundreds of organizations on security projects. A blogger with emphasis on malware and data loss topics, he researches and reports on the latest vulnerabilities and attacks for ContentKeeper.