A number of drive-by-download attacks are infiltrating systems by methods as simple as prompting users to click to close a pop-up window. How can I make my employees more aware of these threats, and is there any way to tell which of these things are malicious?
While employees must be adequately trained and participate in an ongoing information security awareness program, training is not effective prevention for all types of attacks. General endpoint security hygiene must be in place along with baseline security awareness to prevent attacks from being successful.
First, basic security awareness around installing mobile applications is critical. Enterprises should update their mobile security awareness programs to include information about only installing applications from trusted and approved application stores; this will help prevent malware like Torpig from getting installed. An example to include in training could be installing an application based on clicking on a banner ad; this type of download is likely to install an app that includes unwanted functionality that could steal data or passwords. Also, if during installation an error message about the app not being signed pops up, users should cancel the install immediately.
Unfortunately, people will not always be able to distinguish malicious content from legitimate content, so systems must be designed to give employees the fewest possible opportunities to make bad decisions and to minimize the effects of clicking on a drive-by download.
Tools that monitor the network and block drive-by download threats -- such as firewalls, intrusion detection systems and antimalware devices -- can be the most effective mechanisms for blocking attacks, but not all Internet access will pass through the enterprise network, so not all of it will be blocked. Endpoint security tools can provide similar functionality, but they must be installed and operating correctly to be effective -- this depends heavily on the endpoint being managed.
Ask the Expert!
Want to ask Nick Lewis a question about enterprise threats? Submit your question now via email! (All questions are anonymous.)