A drive-by malware download is a web-based attack in which malware is installed on a target device. It is crucial for organizations to put drive-by malware download protection in place, along with a spam filter configured to block malware delivery via email.

The malware could be:

  • Malware to make money for the developer thanks to advertising income
  • Spyware to collect data on the user
  • Keyloggers or banking Trojans that gather credentials
  • Ransomware to encrypt data and demand money from the victim.

These installations typically go unnoticed by the device user. It can be as simple as a phishing email that gets past the spam filter and contains a hyperlink, which takes the recipient to a compromised website laden with malware lures.

Legitimate websites can also be compromised and loaded with malware and ransomware. This is even more likely for a large website that allows the placement of third-party ad blocks to generate extra revenue. Malicious adverts (termed malvertising) may get past the checks required by third-party ad networks and be shown to site visitors. If the link is followed, the user is taken to the malicious website. Threat actors also engage in search engine poisoning. This is when search engine optimization tactics are used to move malicious websites to the top of the search engine results pages.

It is vital for companies to safeguard themselves from drive-by malware downloads. One way to do so is to use a web-filtering solution to block undesirable website content from being displayed. The consumer versions come with parental control features for home WiFi networks.

WebTitan from TitanHQ is popular with corporate entities, managed services providers, and Internet service providers for preventing access to malicious, illegal, and other undesirable web content, including pornography. It safeguards against drive-by malware downloads in a number of different ways.

First, it does not allow downloads of specific file types from the Internet, namely those most closely linked to malware (.exe, .js, and .msi, for example). Second, it uses blacklists of IP addresses and domains that have previously been marked as involved in malware distribution. Finally, it can be used to prevent access to dangerous website categories that are typically involved in spreading malware.
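The three checks described above can be sketched as a single URL policy decision. This is an added example, not WebTitan's code or configuration; the function names, blocklist entries, and category table are constructed assumptions, and a URL-only check is a first pass since the served content is not inspected.

```python
import ipaddress
import posixpath
from urllib.parse import unquote, urlsplit

# Constructed sample policy data (assumptions, not a real threat feed).
BLOCKED_EXTENSIONS = {".exe", ".js", ".msi"}
BLOCKED_DOMAINS = {"malware-host.example"}
BLOCKED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
BLOCKED_CATEGORIES = {"malware", "phishing"}
DOMAIN_CATEGORIES = {"free-cracks.example": "malware", "news.example": "news"}


def parent_domains(host):
    """Return host plus each parent domain, so cdn.bad.example matches bad.example."""
    labels = host.split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]


def evaluate(url):
    """Return (allowed, reason) for a requested URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")  # hostname is already lower-cased

    # Layer 1: file type, taken from the percent-decoded path, case-insensitive.
    # The query string is ignored, so "?x=.html" cannot disguise the extension.
    ext = posixpath.splitext(unquote(parts.path))[1].lower()
    if ext in BLOCKED_EXTENSIONS:
        return False, f"blocked file type {ext}"

    # Layer 2: blocklisted IP address or domain.
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None
    if addr is not None:
        if any(addr in net for net in BLOCKED_NETWORKS):
            return False, "blocklisted IP address"
        return True, "allowed"
    candidates = parent_domains(host)
    if any(d in BLOCKED_DOMAINS for d in candidates):
        return False, "blocklisted domain"

    # Layer 3: site category lookup, most specific domain first.
    for d in candidates:
        category = DOMAIN_CATEGORIES.get(d)
        if category in BLOCKED_CATEGORIES:
            return False, f"blocked category {category}"
    return True, "allowed"
```
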

WebTitan can be configured quickly and simply. It does not slow page loads, protects users regardless of location, and updates automatically as soon as new malicious content is identified in threat intelligence reports.

In order to protect your company from drive-by malware installations, enhance security in relation to phishing attacks, and safely manage web content that is accessible on your network, get in touch with TitanHQ now to find out more.