Guest Blog from LANDESK One Certified Partner BUFFERZONE
Drive-by download attacks have been making headlines this year as hackers target high-profile sites such as Forbes.com that many of us might visit during the course of a work day. It’s important to understand what they are, how they work – and what you can do to protect yourself.
A drive-by download simply refers to malware that is automatically downloaded from a website to your computer, without your knowledge or consent. Unfortunately, the bad guy usually gets away because you aren’t aware of the infection until long after you’ve left the offending site.
In many drive-by attacks, the victim is redirected from the compromised site to a landing page that hosts the attack. Since the new page looks exactly the same, the user does not notice the redirection. Just recently, researchers discovered that attackers have hacked large numbers of GoDaddy domains and have created at least 10,000 subdomains that shuttle Web surfers to sites hosting the Angler exploit kit.
Watch out for that ad!
Another common way that hackers deploy drive-by attacks is through malvertising, which takes advantage of the fact that most of the ads appearing on popular websites are hosted by a third-party ad server. The servers host millions of ads and have a very hard time filtering out bad actors. In the attack on the Forbes “Thought of the Day” page late last year, malware was downloaded to the visitor’s computer through the Adobe Flash Player. Your employees might have avoided that attack, which was specifically targeted at the defense and pharma industries. But during the same period, attacks on popular sites including Huffington Post and GameZone indiscriminately downloaded malware onto any computer that used an old version of Internet Explorer.
The zero-day vulnerability
This brings us to the second stage of the drive-by download – the infection. Exploit kits typically fingerprint the browser for outdated versions of plugins such as Flash Player, Java or Microsoft Silverlight and leverage vulnerabilities in those components (including zero-day flaws for which no patch exists yet) to download a payload to the computer. Once the malware is on your computer, it gets to work doing everything from stealing your data to installing ransomware and banking trojans.
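The two stages just described, the silent redirection from a trusted site to a landing page and the payload served to an outdated plugin, leave a trace in the web proxy log even when the user notices nothing. The following script is an added example, not code from BUFFERZONE or LANDESK: it runs a simple chain heuristic over a constructed proxy log (every hostname, client address and timestamp below is made up), flagging a client that starts on a site you treat as mainstream and, within a short window, fetches a Flash, Java, Silverlight or executable object from an unrelated domain. The log field layout, the `trusted_sites` set and the payload content-type list are assumptions to be tuned for your own proxy.

```python
"""Heuristic detection of a drive-by download chain in web proxy logs."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample proxy log (not real traffic). Fields:
# timestamp client status content-type url referer
SAMPLE_LOG = """\
2015-03-10T09:00:01 10.0.0.5 200 text/html http://news.example/article/1 -
2015-03-10T09:00:02 10.0.0.5 200 text/html http://ads.example/serve?id=7 http://news.example/article/1
2015-03-10T09:00:03 10.0.0.5 302 text/html http://ads.example/click http://ads.example/serve?id=7
2015-03-10T09:00:04 10.0.0.5 200 text/html http://x7q.landing.example/index.php http://ads.example/click
2015-03-10T09:00:05 10.0.0.5 200 application/x-shockwave-flash http://x7q.landing.example/p.swf http://x7q.landing.example/index.php
2015-03-10T09:01:00 10.0.0.6 200 text/html http://news.example/article/2 -
2015-03-10T09:01:01 10.0.0.6 200 image/png http://cdn.news.example/logo.png http://news.example/article/2
"""

# Content types an exploit-kit landing page serves to the plug-in it targets,
# plus the executable the exploit then fetches. Assumed list; tune locally.
PAYLOAD_TYPES = {
    "application/x-shockwave-flash",   # Flash Player
    "application/java-archive",        # Java
    "application/x-silverlight-app",   # Silverlight
    "application/x-msdownload",        # Windows executable
    "application/octet-stream",
}
WINDOW = timedelta(seconds=30)   # how soon after the entry page the payload must appear


def parse_line(line):
    ts, client, status, ctype, url, referer = line.split()
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S"), "client": client,
            "status": int(status), "ctype": ctype, "url": url, "referer": referer}


def registered_domain(url):
    """Crude site extraction: the last two labels of the host name, so a
    site's own CDN (cdn.news.example) counts as the same site."""
    host = url.split("//", 1)[-1].split("/", 1)[0]
    return ".".join(host.split(".")[-2:])


def detect_driveby_chains(log_text, trusted_sites):
    """Return one alert per client whose browsing starts on a trusted site and,
    within WINDOW, fetches a payload-type object from an unrelated domain."""
    by_client = defaultdict(list)
    for line in log_text.strip().splitlines():
        rec = parse_line(line)
        by_client[rec["client"]].append(rec)

    alerts = []
    for client, recs in by_client.items():
        recs.sort(key=lambda r: r["ts"])
        for i, start in enumerate(recs):
            if registered_domain(start["url"]) not in trusted_sites:
                continue
            redirected = False
            for later in recs[i + 1:]:
                if later["ts"] - start["ts"] > WINDOW:
                    break
                if 300 <= later["status"] < 400:
                    redirected = True   # the hop the user never sees
                dom = registered_domain(later["url"])
                if dom in trusted_sites:
                    continue            # still on the trusted site or its CDN
                if later["ctype"] in PAYLOAD_TYPES:
                    alerts.append({
                        "client": client, "entry": start["url"], "landing": dom,
                        "payload": later["url"], "redirected": redirected,
                        "delay_s": int((later["ts"] - start["ts"]).total_seconds()),
                    })
                    break
    return alerts


if __name__ == "__main__":
    for alert in detect_driveby_chains(SAMPLE_LOG, {"news.example"}):
        print(alert)
```

Run as-is it reports the first client only: the second client stays on the news site and its CDN, so nothing fires. Expect false positives from legitimate octet-stream downloads on sites that are not on your trusted list; the value of the alert is the combination of a trusted entry point, a hop to an unrelated domain and a plugin payload within seconds, which is the shape of the attack described above and is worth a look regardless of whether the landing domain is on any blacklist yet.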
If you don’t know it’s there, what can you do about it?
Unfortunately, employee education is not an effective strategy for dealing with drive-by attacks. You can teach people to avoid suspicious links in their mail, or to stay away from suspicious web sites, but since hackers are attacking mainstream news sources, good behavior is not enough. Restricting personal internet use is difficult to enforce, not to mention unpopular. On the positive side, existing security technologies can do a lot to protect you and your organization.
Fix the problem before it starts – Patch!
First and foremost, you can eliminate the security vulnerabilities that drive-by attacks exploit by keeping your endpoints fully up to date. More than 75 percent of attacks exploit vulnerabilities for which there is an available patch. You just need to apply them in a timely manner. LANDESK Security Suite simplifies patch management with a combination of best practices and automation. It patches all devices across your network reliably, even if they are on the road, at a remote site, or asleep. Since LANDESK Security is fully integrated with systems management, you benefit from an accurate and complete view of all endpoints along with the ability to identify and patch the latest vulnerabilities as quickly as possible.
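Timely patching only works if you can see which endpoints are still running the plugin versions the exploit kits look for, including devices that have not checked in because they are on the road or asleep. The script below is an added example and not LANDESK code: it compares a constructed endpoint inventory against a constructed baseline of minimum plugin versions and reports every host that is either outdated or has gone quiet. Hostnames, version numbers and dates are all made up; the point it shows is the numeric, component-wise version comparison (a plain string comparison would rank "9.0.0.1" above "18.0.0.209") and the stale-endpoint check.

```python
"""Patch-compliance report for the browser plug-ins drive-by kits target."""
import re
from datetime import date

# Constructed minimum acceptable versions; a real baseline would come from the
# vendor advisories your patch-management system tracks.
BASELINE = {
    "Flash Player": "18.0.0.209",
    "Java": "1.8.0_51",
    "Silverlight": "5.1.40728.0",
}

# Constructed inventory rows: (hostname, plug-in, installed version, last check-in)
INVENTORY = [
    ("WS-ACCT-01", "Flash Player", "18.0.0.209", date(2015, 8, 3)),
    ("WS-ACCT-01", "Java", "1.8.0_45", date(2015, 8, 3)),
    ("LT-SALES-07", "Flash Player", "11.2.202.460", date(2015, 6, 20)),
    ("LT-SALES-07", "Silverlight", "5.1.40728.0", date(2015, 6, 20)),
    ("WS-RND-12", "Java", "1.8.0_51", date(2015, 8, 4)),
]


def version_key(version):
    """Turn '18.0.0.209' or '1.8.0_51' into a tuple of ints so that
    comparison is numeric per component rather than character by character."""
    return tuple(int(part) for part in re.split(r"[^0-9]+", version) if part)


def is_outdated(installed, minimum):
    return version_key(installed) < version_key(minimum)


def compliance_report(inventory, baseline, today, stale_after_days=14):
    """Return {hostname: {"outdated": [(plugin, installed, minimum), ...],
    "stale_days": int}} for every host that needs attention: at least one
    plug-in below the baseline, or no check-in for more than stale_after_days."""
    report = {}
    for host, plugin, installed, last_seen in inventory:
        entry = report.setdefault(host, {"outdated": [], "stale_days": 0})
        entry["stale_days"] = max(entry["stale_days"], (today - last_seen).days)
        minimum = baseline.get(plugin)
        if minimum and is_outdated(installed, minimum):
            entry["outdated"].append((plugin, installed, minimum))
    return {
        host: entry for host, entry in report.items()
        if entry["outdated"] or entry["stale_days"] > stale_after_days
    }


if __name__ == "__main__":
    for host, entry in compliance_report(INVENTORY, BASELINE, date(2015, 8, 5)).items():
        print(host, "stale for", entry["stale_days"], "days;", "outdated:", entry["outdated"])
```

A host that is both outdated and stale is the one to chase first: the laptop in the sample has been out of contact for six weeks while running a Flash Player release several major versions behind, which is exactly the endpoint a malvertising campaign like the ones described above is looking for.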
Block every known threat
Your next line of defense is anti-virus. LANDESK Security Suite includes powerful anti-virus scanning from Kaspersky Lab which is constantly updated with the latest malware signatures. While anti-virus is nothing new, the fact is that it blocks countless threats every day – simply and efficiently. The security suite also provides Host-based Intrusion Prevention System (HIPS) capabilities that employ heuristic and behavior recognition techniques to detect and block behaviors that often indicate the presence of an exploit on the endpoint.
The limitation of antivirus and HIPS is that they only detect “known” threats and threat behaviors. And the fact that breaches continue to occur demonstrates the importance of protecting your organization from the next hack, not just the ones already catalogued.
The next generation of cyber security
A new generation of security technologies is designed to combat these “advanced” threats. LANDESK Application Control leverages a cloud-based file reputation service to ensure that only trusted applications run on user devices. It learns the expected behavior of your applications and blocks anything that executes outside known patterns, preventing exploits from installing a malicious process and permitted applications from launching one. Application control enables you to define the blacklist and whitelist of applications for the endpoint, and is ideal for tightly-managed environments where software configuration is well defined.
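To make the three pieces of that description concrete (an administrator-defined blacklist and whitelist, a reputation lookup for anything unknown, and a learned parent/child pattern so that a permitted application such as the browser cannot start something it never normally starts), here is an added example of a process-start decision. It is not LANDESK Application Control's logic: every hash, image name, parent/child pattern and reputation entry is constructed, and the cloud reputation service is stood in for by a local dictionary.

```python
"""Application-control decision for a process start (illustrative policy)."""
import hashlib

ALLOW, BLOCK = "allow", "block"


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Administrator-defined lists. The digests are of constructed sample bytes,
# standing in for the hashes of real binaries.
BLACKLIST = {sha256(b"constructed-known-bad-binary")}
WHITELIST = {sha256(b"constructed-corporate-tool")}

# Stand-in for the cloud file-reputation service: hash -> verdict.
REPUTATION = {
    sha256(b"constructed-widely-used-tool"): "trusted",
    sha256(b"constructed-malicious-dropper"): "malicious",
}

# Learned behaviour: which child images each permitted application normally
# starts. Constructed starting point; learn_child() extends it.
EXPECTED_CHILDREN = {
    "iexplore.exe": {"iexplore.exe", "flashplayer.exe"},
    "outlook.exe": {"winword.exe", "excel.exe", "acrord32.exe"},
}


def learn_child(parent_image, child_image):
    """Learning mode: record that a permitted application normally starts this
    child, so the behaviour check will accept the pair from now on."""
    EXPECTED_CHILDREN.setdefault(parent_image.lower(), set()).add(child_image.lower())


def decide(image_name, image_bytes, parent_image):
    """Return (verdict, reason) for a process start.

    Order matters: an explicit blacklist entry beats everything; the learned
    parent/child pattern is checked next so that even a whitelisted or
    well-reputed binary is stopped when the browser or mail client spawns it
    outside its normal behaviour; then whitelist, then reputation; and an
    unknown file is denied by default.
    """
    digest = sha256(image_bytes)
    if digest in BLACKLIST:
        return BLOCK, "hash is blacklisted"

    parent = parent_image.lower()
    if parent in EXPECTED_CHILDREN and image_name.lower() not in EXPECTED_CHILDREN[parent]:
        return BLOCK, f"{parent} does not normally launch {image_name}"

    if digest in WHITELIST:
        return ALLOW, "hash is whitelisted"

    reputation = REPUTATION.get(digest, "unknown")
    if reputation == "trusted":
        return ALLOW, "reputation service trusts the file"
    if reputation == "malicious":
        return BLOCK, "reputation service flags the file as malicious"
    return BLOCK, "unknown file with no reputation (default deny)"


if __name__ == "__main__":
    print(decide("corptool.exe", b"constructed-corporate-tool", "explorer.exe"))
    print(decide("corptool.exe", b"constructed-corporate-tool", "iexplore.exe"))
    print(decide("update.exe", b"never-seen-before", "explorer.exe"))
```

Two design points are worth noting. The behaviour check runs before the whitelist, which is what turns a plain allow-list into protection against a drive-by: the payload an exploit kit drops may well be a legitimate, even whitelisted, tool, but the browser starting it is not a pattern the system has learned. And matching purely on file hash is the simplest form of the idea; a production product also keys on publisher signatures and paths so that every routine software update does not have to be re-approved by hand.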
To defend against advanced threats, LANDESK One certified partner BUFFERZONE adds an additional layer of protection, using virtual containment technology to seal off threats from the organization. BUFFERZONE isolates applications that come into contact with the internet in their own virtual environment, protecting the endpoint from infection. BUFFERZONE is a transparent solution that enables employees to safely browse the internet, download and read email attachments, and view files on removable media (like their mobile devices) without risking contamination. If an exploit downloads malware to the endpoint, it is confined to the container, where it cannot escape to compromise the rest of the organization.
Learn more about LANDESK’s One Certified Partners