Are you taking steps to prevent drive-by malware downloads? Have you implemented controls to reduce your attack surface and prevent your employees from inadvertently downloading malware onto your network?
Malvertising – A Major Security Risk that Should be Managed
Malvertising is the term used for the practice of displaying malicious adverts to website visitors. The malicious adverts are displayed via third party advertising networks which are present on a wide range of legitimate websites. Malicious adverts have been displayed to visitors to many of the top 500 global websites.
The New York Times website was discovered to be displaying malvertising via a third party ad networks. Those adverts redirected visitors to websites where ransomware was downloaded. The UK’s BBC website was similarly discovered to be displaying malicious adverts that resulted in ransomware downloads.
Other high profile sites found to be displaying malvertising include AOL, the NFL website, Realtor, theweathernetwork, newsweek, infolinks, answers.com, and thehill, amongst many many others.
Proofpoint recently announced it has succeeded in shutting down the AdGholas malvertising operation. This large-scale operation was reported to have resulted in malicious adverts being displayed to between 1 million and 5 million individuals per day. Researchers at Proofpoint estimated that between 10% and 20% of computers that loaded the malicious adverts were redirected to websites containing exploit kits. Exploit kits probe for security vulnerabilities in web browsers. If vulnerabilities are discovered, malware is silently downloaded onto the site visitor’s computer. Of course this was just one malvertising operation out of many.
Cost of Malware and Ransomware Infections
Many ransomware variants are capable of moving laterally within a network and replicating. One download may see multiple computers infected. Each infected device is encrypted with a separate key and a separate ransom demand is issued for each infection.
Organizations experiencing multiple infections can be issued with ransom demands of tens of thousands of dollars. In January, Hollywood Presbyterian Medical Center was forced to pay $17,000 for the decryption keys to unlock its computers.
The threat from malware can be far more serious. Malware such as keyloggers can be used to obtain login credentials to corporate bank accounts, allowing criminals to make fraudulent transfers and empty company accounts. Malware can install backdoors that can be used to steal patient data from healthcare organizations. Failing to prevent drive-by malware downloads can prove very costly indeed. Recently, the Ponemon Institute calculated the average healthcare data breach cost to be $4 million. The cost per compromised healthcare record was calculated to be $158.
Prevent Drive-by Malware Downloads
To prevent drive-by malware downloads you need to employ a range of tactics. Good patch management policies can help to ensure that devices are not left vulnerable. Software, browsers, and browser plugins should be kept up to date and patches applied promptly. Plugins and software commonly exploited by cybercriminals include Java, Adobe Flash, and PDF reader, as well as out of date web browsers.
Organizations can prevent employees from being directed to malicious websites by using a web filtering solution. A web filter can be configured to block websites known to contain malware or host exploit kits. A web filter can be used to block third party advertising from being displayed. Block the ad networks, and you will ensure that malvertising is not displayed.
You should also implement Acceptable Usage Policies (AUPs) to limit the websites that employees can visit. A web filtering solution can help in this regard. Employees can be instructed not to visit certain categories of websites which are known to carry a higher than average risk, but a web filter can be used to enforce those policies. By blocking access to gambling websites, pornography, sites containing illegal website content, and other risky websites such as p2p file sharing sites, risk can be greatly reduced.
A web filtering solution cannot prevent all data breaches and malware attacks, but it is a vital element of cybersecurity defenses that should not be ignored. It is one of the most important controls to employ to prevent drive-by malware downloads.