
How can drive-by download attacks be prevented?

Expert Nick Lewis offers some strategies that enterprises can use to avoid the threat of drive-by download attacks and improve employee awareness of the risks.

A number of drive-by-download attacks are infiltrating systems by methods as simple as prompting users to click to close a pop-up window. How can I make my employees more aware of these threats, and is there any way to tell which of these things are malicious?

While employees must be adequately trained and take part in an ongoing information security awareness program, training alone does not prevent every type of attack. Basic endpoint security hygiene must be in place alongside baseline security awareness to stop these attacks from succeeding.

First, basic security awareness around installing mobile applications is critical. Enterprises should update their mobile security awareness programs to cover installing applications only from trusted and approved application stores; this helps keep trojanized apps off devices. The same principle applies on the desktop, where drive-by installs are how malware such as Torpig has spread. A useful training example is an app installed after clicking a banner ad: a download started that way is likely to install an app with unwanted functionality that can steal data or passwords. Also, if a warning that the app is not signed appears during installation, users should cancel the install immediately.

Unfortunately, people will not always be able to distinguish malicious content from legitimate content, so systems must be designed to give employees as few opportunities as possible to make bad decisions and to minimize the damage when someone does click on a drive-by download.

Tools that monitor the network and block drive-by download threats -- firewalls, intrusion detection systems and antimalware gateways -- can be the most effective way to block these attacks, but not all Internet access goes through the enterprise network, so not all of it will be inspected and blocked. Endpoint security tools provide similar functionality, but they must be installed and operating correctly to be effective, which depends heavily on the endpoint being managed. Because drive-by downloads typically rely on exploiting an unpatched browser or plug-in, keeping browsers and plug-ins patched on every endpoint removes most of the attack surface these downloads need.
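To make the network-monitoring point concrete, here is an added example (not code from the article or from any product it mentions) of the kind of detection logic a proxy or IDS could apply to web logs to surface likely drive-by downloads. The log format, field names and sample lines are all constructed for this example; the heuristics flag an executable response whose URL does not look like a program download, that arrives seconds after a cross-site redirect, or that carries a cross-site referer.

```python
"""Flag likely drive-by downloads in web proxy logs (added example, constructed format)."""
import posixpath
import re
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Constructed sample log lines; not taken from any real system or from the article.
# Fields: timestamp client method url referer status content-type ('-' means no referer).
SAMPLE_LOG = """\
2015-03-02T10:00:01 10.0.0.5 GET http://news.example.com/story.html - 200 text/html
2015-03-02T10:00:01 10.0.0.5 GET http://ads.example.net/serve?id=77 http://news.example.com/story.html 302 text/html
2015-03-02T10:00:02 10.0.0.5 GET http://cdn.example.org/img/banner.jpg http://ads.example.net/serve?id=77 200 application/x-msdownload
2015-03-02T10:05:10 10.0.0.9 GET http://vendor.example.com/downloads/setup.exe http://vendor.example.com/downloads/ 200 application/x-msdownload
2015-03-02T10:06:00 10.0.0.5 GET http://news.example.com/logo.png http://news.example.com/story.html 200 image/png
"""

# Response content types that deliver runnable code to the endpoint.
EXECUTABLE_TYPES = {
    "application/x-msdownload", "application/x-dosexec", "application/x-msdos-program",
    "application/vnd.android.package-archive", "application/java-archive",
}
# Path extensions a user would knowingly request as a program download.
EXECUTABLE_EXTENSIONS = {".exe", ".msi", ".apk", ".jar", ".scr"}
# How far back to look for a redirect hop that bounced the browser to the download.
REDIRECT_WINDOW = timedelta(seconds=5)
# Weights for the three indicators; a download is reported at or above ALERT_SCORE.
ALERT_SCORE = 2

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+) (\d{3}) (\S+)$")


def parse_log(text):
    """Parse log lines into dicts; malformed lines are skipped rather than crashing the detector."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        ts, client, method, url, referer, status, ctype = m.groups()
        entries.append({
            "ts": datetime.fromisoformat(ts),
            "client": client,
            "method": method,
            "url": url,
            "referer": None if referer == "-" else referer,
            "status": int(status),
            "ctype": ctype.lower(),
        })
    return entries


def host(url):
    return urlparse(url).hostname or ""


def detect_drive_by(entries):
    """Return findings for executable responses that do not look like deliberate downloads."""
    findings = []
    by_client = {}
    for e in entries:
        by_client.setdefault(e["client"], []).append(e)
    for client, events in by_client.items():
        for i, e in enumerate(events):
            if e["ctype"] not in EXECUTABLE_TYPES or e["status"] != 200:
                continue
            score, reasons = 0, []
            path = urlparse(e["url"]).path.lower()
            # Indicator 1: executable body served for a path that does not name a program.
            if posixpath.splitext(path)[1] not in EXECUTABLE_EXTENSIONS:
                score += 2
                reasons.append(f"executable body served for non-executable path {path!r}")
            # Indicator 2: a cross-site 3xx redirect from the same client a few seconds earlier.
            for prev in reversed(events[:i]):
                if e["ts"] - prev["ts"] > REDIRECT_WINDOW:
                    break
                if 300 <= prev["status"] < 400 and host(prev["url"]) != host(e["url"]):
                    score += 2
                    reasons.append(f"preceded by {prev['status']} redirect from {host(prev['url'])}")
                    break
            # Indicator 3 (weak on its own): the referring page lives on another site.
            if e["referer"] and host(e["referer"]) != host(e["url"]):
                score += 1
                reasons.append(f"cross-site referer {host(e['referer'])}")
            if score >= ALERT_SCORE:
                findings.append({"client": client, "url": e["url"], "score": score, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in detect_drive_by(parse_log(SAMPLE_LOG)):
        print(f"{f['client']} {f['url']} score={f['score']}")
        for r in f["reasons"]:
            print(f"  - {r}")
```

Run against the constructed sample, the banner image that is really a Windows executable, reached through an ad-network redirect, is reported; the vendor's own setup.exe, requested from the vendor's download page, is not. The cross-site referer indicator is deliberately weighted so that it never fires alone, since legitimate downloads hosted on a CDN would otherwise flood the alert queue.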

This was last published in March 2015

3 comments

No strategy can allow for humans to do the right thing! We’ve all had hurried days and mis-clicked and run something we didn’t want!
Great article. I just wish that users could get it through their thick skulls that they need to pay attention to what they do online. If in doubt, ask. It's that simple.
It's getting harder and harder to spot what is valid and what may be bogus. As an example, a user gets an e-mail about a UPS or FedEx shipment. Without opening it, how can they tell if it's valid or not? Do they call shipping or receiving and ask if they are expecting anything? As for the pop-ups, I always tell people if you did not ask for anything and see a pop-up window, then CTRL+ALT+DEL and go to Task Manager and end it there to be safe. They have gotten slick in the ways they download the software now. A simple close window does so much more than you may expect.