According to reports, users are apparently far more likely to encounter malware when Web browsing as opposed to checking email, and that Web-borne malware is harder for antimalware systems to detect. Why is this? How can organizations shift their tactics to successfully combat Web-based malware?
Attacks that occur over an encrypted session make it more difficult for network security devices to detect malicious traffic, while endpoint security tools often struggle to detect rapidly changing malware. In this case, email systems, including Web mail, usually use encrypted connections, whereas compromised websites use encryption less often. Many email systems transfer email encrypted over the network, so malicious content would only be detected if an SMTP server in the SMTP path (where the server has access to the unencrypted data) scanned it for malware and phishing, or stripped out the malicious contents.

Traffic from compromised websites that aren't using SSL/TLS can be scanned as it exits the source network, in transit, or as it enters the endpoint's network. This scan can be performed in a similar manner to an email scan, but could also block an outbound connection initiated by malware along with the malware from the compromised website.

Some endpoint security products do detect malware while the user is browsing the Web, though. This can be done by analyzing the network traffic on the computer or monitoring a Web browser's behavior. Browsers that are using non-standard proxy settings, are running slowly, or have had their home page and search default changed are likely compromised.
Attacks evolve to target the weakest link in infosec defenses and tend to target the widest audience possible. Whether it be an attacker using compromised systems for distributed denial-of-service attacks or targeted attacks aimed at large financial institutions, attackers will choose whatever method is most likely to get them the compromised hosts they want. As long as websites are built without the proper encryption options, attackers will look to take advantage via Web-based malware.
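The browser-settings indicators mentioned in the answer (non-standard proxy settings, a changed home page) can be checked against a baseline. The following is an added example, not part of the original answer: it assumes Firefox's `prefs.js` format, the allowed values and the sample profile are constructed, and the default search engine is not covered because Firefox does not store it in `prefs.js`.

```python
import json
import re

# Assumed organisational baseline (constructed values, not from the article).
ALLOWED_PROXY_TYPES = {0, 5}   # 0 = no proxy, 5 = use system proxy settings
ALLOWED_HOMEPAGES = {"about:home", "https://intranet.example.com/"}
# Prefs that should be empty when no manual proxy or PAC file is sanctioned.
PROXY_TARGET_PREFS = ("network.proxy.http", "network.proxy.ssl",
                      "network.proxy.socks", "network.proxy.autoconfig_url")

PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def parse_prefs(text):
    """Return {name: value} for every user_pref(...) line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue                      # comments and blank lines
        name, raw = m.groups()
        try:
            prefs[name] = json.loads(raw)  # string, integer, true or false
        except ValueError:
            prefs[name] = raw              # keep unparsed values as text
    return prefs

def audit(prefs):
    """Return (pref, value, reason) tuples for settings outside the baseline."""
    findings = []
    ptype = prefs.get("network.proxy.type")
    if ptype is not None and ptype not in ALLOWED_PROXY_TYPES:
        findings.append(("network.proxy.type", ptype, "non-standard proxy mode"))
    # Firefox stores several start pages in one pref, separated by "|".
    for url in str(prefs.get("browser.startup.homepage", "")).split("|"):
        if url and url not in ALLOWED_HOMEPAGES:
            findings.append(("browser.startup.homepage", url, "home page changed"))
    for name in PROXY_TARGET_PREFS:
        if prefs.get(name):
            findings.append((name, prefs[name], "unexpected proxy target"))
    return findings

# Constructed sample profile for illustration.
SAMPLE = r'''// Mozilla User Preferences
user_pref("browser.shell.checkDefaultBrowser", false);
user_pref("browser.startup.homepage", "https://intranet.example.com/|http://search.example.net/start");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8081);
'''

if __name__ == "__main__":
    for finding in audit(parse_prefs(SAMPLE)):
        print(finding)
```

A finding here is a reason to look at the host, not proof of compromise; a user or a legitimate tool can also change these settings.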