According to reports, users are apparently far more likely to encounter malware when Web browsing as opposed to checking email, and that Web-borne malware is harder for antimalware systems to detect. Why is this? How can organizations shift their tactics to successfully combat Web-based malware?
Attacks that occur over an encrypted session make it more difficult for network security devices to detect malicious traffic, while endpoint security tools often struggle to detect rapidly changing malware. In this case, email systems, including Web mail, usually use encrypted connections, whereas compromised websites use encryption less often. Many email systems transfer email encrypted over the network, so malicious content would only be detected if an SMTP server in the delivery path (where the server has access to the unencrypted data) scanned the message for malware and phishing, or stripped out the malicious contents.

Traffic from compromised websites that aren't using SSL/TLS can be scanned while exiting the source network, in transit or entering the endpoint's network. This scan can be performed in a similar manner to an email scan, but it could also block an outbound connection initiated by malware along with the malware from the compromised website.

Some endpoint security products do detect malware while browsing the Web, though. This can be done by analyzing the network traffic on the computer or monitoring a Web browser's behavior. Browsers that are found to be using non-standard proxy settings, that run slowly, or that have had their home page and search default changed are likely compromised.
Attacks evolve to target the weakest link in infosec defenses and tend to target the widest audience possible. Whether it be an attacker using compromised systems for distributed denial-of-service attacks or targeted attacks aimed at large financial institutions, attackers will choose whatever method is most likely to get them the compromised hosts they want. As long as websites are built without the proper encryption options, attackers will look to take advantage via Web-based malware.
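The browser-setting indicators mentioned in the answer (non-standard proxy settings, a changed home page) can be checked against a known-good baseline. The following is an added example, not part of the original answer: it assumes Firefox's `prefs.js` format and covers proxy and home page settings only. The baseline values, the intranet URL and the sample input are constructed for illustration.

```python
import re

# Firefox writes one user_pref("name", value); line per changed preference.
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.+)\);\s*$')
# Assumed organizational baseline (hypothetical values, adjust per site).
BASELINE = {
    "network.proxy.type": {0, 5},  # 0 = no proxy, 5 = use system proxy
    "browser.startup.homepage": {"https://intranet.example.com/"},
}
# Proxy endpoints that should not be set at all under this baseline.
FORBIDDEN = ("network.proxy.http", "network.proxy.ssl",
             "network.proxy.socks", "network.proxy.autoconfig_url")
# Constructed sample input, not taken from a real profile.
SAMPLE = '''// Mozilla User Preferences
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8081);
user_pref("browser.startup.homepage", "http://search.example.net/?src=hp");
user_pref("browser.download.useDownloadDir", false);
'''

def parse_prefs(text):
    """Return {name: value} from prefs.js content."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if not m:
            continue  # comments, blank lines, anything unparsable
        name, raw = m.group(1), m.group(2).strip()
        if raw[:1] == '"' and raw[-1:] == '"':
            value = raw[1:-1]          # string literal
        elif raw.lstrip("-").isdigit():
            value = int(raw)           # integer literal
        else:
            value = raw                # true/false or other, kept as text
        prefs[name] = value
    return prefs

def audit(text):
    """Return a sorted list of (pref, value, reason) deviations."""
    prefs = parse_prefs(text)
    findings = [(n, prefs[n], "outside baseline")
                for n, ok in BASELINE.items() if n in prefs and prefs[n] not in ok]
    findings += [(n, prefs[n], "proxy endpoint set")
                 for n in FORBIDDEN if prefs.get(n)]
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A deviation is a prompt for investigation rather than proof of compromise, since users and legitimate software also change these settings.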