
Understanding the web threat vector
In our last post, we talked about why email is the number one threat vector. In this post we'll talk about compromised websites and why they pose such a risk.
Although compromised or malicious websites are the second most common method of infecting victims with malware, users often overlook this threat vector. Here are a few of the most common attacks that occur when a user visits a compromised website:
- Drive-by downloads: A drive-by download is a program that automatically downloads to a computer when the user visits a compromised or malicious site. The program will inject malware, including ransomware, into the victim's PC. This occurs in the background, and the user usually does not notice that it's happening.
- Cross-site scripting (XSS) attack: In this scenario, a website contains scripts that can steal sensitive information or redirect visitors to malicious sites. InfoWorld has an article on a recent example where Wix.com templates were vulnerable to an XSS attack. In this case, the attacker could control every website that used these vulnerable templates. There are similar vulnerabilities in free templates for WordPress and other open-source software.
- Social media: Vulnerabilities in Facebook and other social media sites have been used to execute Locky attacks. According to this recent Ars Technica article, image files can be used to carry malicious code from social media sites to a user's computer.
- Infected ads: Earlier this year, Malwarebytes reported that some of the ads being displayed on large publisher sites like msn.com and bbc.com were infecting visitors with ransomware. This is a situation where neither the end user nor the website owner had done anything 'wrong.' It was a matter of a third party being infected and finding a path to the visitor.
Security vendors respond to these threats with Next Generation Firewalls, Web Security Gateways, and Web Application Firewalls (WAFs). The first two products are used to make sure that the user is never allowed to access the compromised website, while the WAF ensures that the website you own is never compromised and used for unintended purposes. Just like with email, these security solutions are constantly evolving and being updated to protect customers from emerging threats. These solutions also use deep machine learning, behavioral analysis, and other advanced security technologies.
Web Security Gateways (WSGs) monitor Internet usage and protect users from accessing malicious sites or downloading malicious content. Deep machine learning can help WSGs determine the intent of a site in real time, rather than relying only on possibly outdated classification lists. Advanced Threat Detection techniques can stop malware from reaching the end user. The Barracuda Web Security Gateway offers this protection and more.
Because users rarely notice when they are victims of an attack, it's important to deploy security in multiple layers. Our Web Security Gateway and NextGen Firewall provide comprehensive protection against web-borne attacks. You can get more information on these solutions and the rest of our Total Threat Protection suite at the following sites:
- Web Security Gateway
- NextGen Firewall
- Web Application Firewall
- Email Security Gateway
- Barracuda Total Threat Protection
If you'd like to know more about defending yourself from ransomware and other threats, visit these resources:
- NoMoreRansom project
- The evolution of ransomware
- Microsoft Malware Protection Center
- Ransomware blog posts
Next time we will take a look at the network threat vector.
To view all posts in this series, click here.
