How a Malicious Website Spreads Malware Through Your Business

July 11th, 2017 - Category - IT Security, Security

Businesses are currently facing a huge malware problem stemming from phishing attacks. Not a week goes by when there isn’t another news story of a well-known organisation falling victim to ransomware or having some other unwanted cyber security related incident. These incidents usually involve the temporary or permanent loss of business data, including that of customers. Under new EU GDPR laws, from May 2018 businesses will have to make these events public if the nature of the breach could have a negative impact on the subjects of the data.

The malware involved in this kind of incident usually arrives because someone clicked on a link or an attachment in a phishing email.

We’ve stressed repeatedly that all employees need to be on the lookout for the red flags of a phishing email, and that you have to train employees continuously by sending them simulated phishing attacks.

But how does malware actually get onto your business PCs and networks?

You may believe that in order to get malware from an infected website, you actually have to go onto the site, download something and then run it.

Unfortunately, this is not true.

Infected sites, especially those deliberately used in phishing attacks, use “drive by downloads” to infect their targets. This means that files can begin downloading from the site as soon as you arrive on it, and they can run themselves when downloaded – all without you clicking on anything after making the decision to connect to the website.

How can a website do this?

They exploit outdated software on users’ devices. If you have any software, including your browser or operating system, that is out of date, a website can use something called an exploit kit to scan your device. If it finds any vulnerabilities, such as software that you haven’t updated, it can download files that will exploit that vulnerability.

Other Ways Websites Can Contain Malware

JavaScript is a programming language that supports many web-based applications like Evernote, Google Docs and countless others. This can also contain vulnerabilities which cyber criminals can exploit. Pages containing JavaScript malware will download a .js file to your computer, which your web browser (Chrome, Firefox, Internet Explorer etc.) will then run. This .js file could instruct your browser to download other malware or connect your computer to other dangerous domains.

Malvertising is a term which refers to the infection of ad delivery networks. The ads you see at the side and bottom of blogs, news sites and many other places on the internet are served up by ad delivery networks, and they can be infected with malware even if the site on which you see them is not infected. One infected ad can be shown on thousands of different websites, greatly multiplying its reach and the number of potential victims.

The ads themselves can get infected by cyber criminals, or cyber criminals can set up their own ads. These are typically extremely “click-baity” in appearance, with an image that might be hinting at more to be seen if you click on it, and a title which piques your curiosity whilst suggesting your questions will be answered if you click.

Outdated WordPress Sites – It is estimated that as many as 60% of websites are running on WordPress – software which makes website content management easier for those without coding skills. WordPress, like other software, must be kept up to date to remain secure. It also allows the installation of “plug-ins” which grant additional functionality. These also must be kept up to date. Cyber criminals look for exploits in WordPress and popular plugins, so it’s vital they’re kept up to date. If not, websites can be hacked to inject URLs onto pages, or even add completely new pages. A breached website can also redirect users to malicious domains. If you’re running a WordPress site and you don’t keep it secure, you could even find your own website being used in phishing attacks to deploy malware to visitors.
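A site owner can check rendered pages for the injected URLs and redirects described above. The following is an added example, not part of the original article; the function names, the sample page and the approved-host list are all assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page: two legitimate references plus three injected ones.
SAMPLE_PAGE = """
<html><head>
<script src="/wp-includes/js/jquery.js"></script>
<script src="https://cdn.example.org/lib.js"></script>
<script src="//stats.example.net/c.js"></script>
<meta http-equiv="refresh" content="0; url=https://landing.example.net/win">
</head><body>
<a href="/contact">Contact</a>
<a href="https://blog.example.com/post">Post</a>
<iframe src="https://ads.example.net/frame" width="1" height="1"></iframe>
</body></html>
"""

class RefCollector(HTMLParser):
    """Collect every URL a page links to, loads, frames or redirects to."""
    URL_ATTRS = {"a": "href", "script": "src", "iframe": "src",
                 "link": "href", "form": "action"}

    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "meta" and (attrs.get("http-equiv") or "").lower() == "refresh":
            # content has the form "0; url=https://host/path"
            target = (attrs.get("content") or "").partition("=")[2]
            self.refs.append((tag, target.strip()))
        elif tag in self.URL_ATTRS and attrs.get(self.URL_ATTRS[tag]):
            self.refs.append((tag, attrs[self.URL_ATTRS[tag]]))

def unexpected_hosts(html, site_host, approved=()):
    """Return sorted (tag, host) pairs that point outside the approved hosts."""
    collector = RefCollector()
    collector.feed(html)
    allowed = {site_host.lower(), *(h.lower() for h in approved)}
    found = set()
    for tag, url in collector.refs:
        host = urlparse(url).hostname       # None for relative URLs
        if host and host not in allowed:    # exact match only, no subdomain wildcards
            found.add((tag, host))
    return sorted(found)

if __name__ == "__main__":
    for tag, host in unexpected_hosts(SAMPLE_PAGE, "blog.example.com", ["cdn.example.org"]):
        print(f"unexpected <{tag}> reference to {host}")
```

Running this against each published page after every update, and alerting on any host that was not there before, surfaces injected links before visitors find them.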

What Can You Do to Protect Your Business From these Domains?

Malware comes in many forms, and some of these can be extremely disruptive to your business. Businesses have lost all of their data to ransomware. Could your business survive that?

As well as simply educating employees about the importance of being vigilant against phishing emails, a DNS monitoring solution could save your business.


We use a service that handles 2% of all internet traffic. That’s 80 billion DNS requests per day. As it handles such a large volume of global internet traffic, it can very quickly spot domain level trends indicating the domain is being used for phishing attacks.

Using a web monitoring solution, such as this one, gives you the earliest possible protection against web domains used in phishing attacks. As soon as an unusual spike in traffic is seen to a suspicious domain, the solution will block any of your employees from accessing that domain, something they could potentially do if they clicked on a link in a phishing email. This will prevent you from connecting to those dodgy websites that immediately begin downloading malware as soon as you arrive.
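The idea of spotting a traffic spike to an unfamiliar domain and then blocking it can be sketched on a small scale with your own resolver logs. This is an added example, not the monitoring service's method or code from the original article; the log format, thresholds, function names and sample data are assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed resolver log lines: "timestamp client-ip queried-name".
SAMPLE_LOG = (
    [f"2017-07-11T{h:02d}:15:00 10.0.0.{c} intranet.example.com"
     for h in (9, 10, 11) for c in (1, 2, 3)]            # steady, known traffic
    + ["2017-07-11T10:30:00 10.0.0.4 invoice-portal.example.net"]
    + [f"2017-07-11T11:{m:02d}:00 10.0.0.{m} invoice-portal.example.net"
       for m in range(1, 7)]                              # sudden burst, 6 clients
)

def hourly_activity(lines):
    """Return ({domain: Counter(hour -> queries)}, {domain: {hour: clients}})."""
    counts = defaultdict(Counter)
    clients = defaultdict(lambda: defaultdict(set))
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue                                      # skip malformed lines
        stamp, client, name = parts
        hour = datetime.fromisoformat(stamp).replace(minute=0, second=0)
        domain = name.lower().rstrip(".")
        counts[domain][hour] += 1
        clients[domain][hour].add(client)
    return counts, clients

def spiking_domains(lines, allowlist=(), factor=3.0, min_clients=3):
    """Domains whose latest-hour queries are >= factor x their earlier average."""
    counts, clients = hourly_activity(lines)
    hours = sorted({h for per_hour in counts.values() for h in per_hour})
    if not hours:
        return []
    latest, earlier = hours[-1], hours[:-1]
    flagged = []
    for domain, per_hour in counts.items():
        if domain in allowlist:
            continue
        baseline = sum(per_hour[h] for h in earlier) / len(earlier) if earlier else 0.0
        busy = per_hour[latest] >= factor * max(baseline, 1.0)
        if busy and len(clients[domain][latest]) >= min_clients:
            flagged.append(domain)
    return sorted(flagged)

def blocklist_lines(domains):
    """Render flagged domains as hosts-format sinkhole entries."""
    return [f"0.0.0.0 {d}" for d in domains]

if __name__ == "__main__":
    print("\n".join(blocklist_lines(spiking_domains(SAMPLE_LOG))))
```

Requiring several distinct clients as well as a volume jump keeps one machine's retry loop from triggering a block.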

 

Not Clicking the Link is the Best Defence

A link in a phishing email cannot harm you if you do not click on it.

The best defence is simply not clicking on any of the links. This means you and your employees have to recognise phishing emails when they arrive.

We have found that the best way to ensure people recognise phishing emails is to send them regular simulated tests. Clicking on links in these simulated phishing emails won’t cause any harm, but it will enroll the “victim” in further training to help them spot these emails! Phishing emails nearly always contain red flags that you could notice if you spent a bit more time evaluating emails, or knew what to look for!

 


Netstar IT Support

83 Clerkenwell Road
Clerkenwell
London
EC1R 5AR