
Avoiding drive-by attacks

By Staff Writer, ITWeb
Johannesburg, 22 Jan 2014

Malware is prevalent, particularly as users connect to the from multiple devices across multiple locations.

Users want instant, 24/7 connectivity, says Lutz Blaeser, MD of Intact , who adds that this presents significant , as users on the go, who are connecting in a hurry, don't always scrutinise their search results as closely as they should. In addition, viewing pages on small screens makes it harder to spot dodgy activity that could indicate the presence of malware, he says.

"Drive-by downloads are no longer just affecting PC users. Cyber thieves are cunning, and have figured out ways to adapt these attacks to the mobile platform - and ensnare more victims than ever before," he says.

These sorts of attacks are not new, explains Blaeser. The techniques, which have been employed by criminals for some time now, work by infecting users with spyware, Trojans or other malware, without their knowledge, when they visit a Web page, or click on a pop-up. Similar to rogue software, they exploit vulnerabilities in the browser, plug-ins and low security settings.

"Some plug-ins and add-ons also appear legit, but contain a hidden piece of malicious code, particularly when downloaded from less reputable Web sites," he notes.

Blaeser says there are several ways to avoid these. Firstly, users must make sure their software is up to date. "This is the single most successful means users can take to protect themselves from drive-by downloads. All software, particularly programs that have proved favourites with cyber criminals, such as Adobe, Java and Flash, should be updated meticulously. The same goes for [anti-virus] software, and all add-ons and plug-ins."

Users must install all software updates, no matter how inconvenient and interruptive they are, he urges.

Having the most updated software available dramatically increases users' chances of avoiding attacks of this nature. "Think of the 10 minutes it takes to run the updates, versus the days users' PCs could be out of commission if infected by a virus through a drive-by download," he adds.

He says users must ensure the latest version of their browsers - be it IE, Firefox or Chrome - is being used, as many drive-by downloads exploit vulnerabilities found in older browsers and associated plug-ins.

"Another way to prevent these attacks is to choose anti-malware protection that contains a firewall and other Web-filtering software. These products have tools to identify compromised sites and will prevent users from accessing them."

He advises against giving business users admin access to their computers, as they may download practically anything that is cool and free, or visit any Web site promising interesting content, without thinking about security. Limiting users' access to their machines can prevent a lot of malware from being downloaded, which could not only affect the individual user, but the company's network too.

"As nice as it is to have, disable Java within PDF readers and other systems, if at all possible," Blaeser says. "Java is probably the top favourite with cyber crooks, and there are countless exploits that have been written for it, some of which remain unpatched today. Don't open suspect e-mails or dodgy pop-ups," he concludes.
