Data Dive: 5 Recommendations to Stay Ahead of Drive-by Download Attacks (Part 2)

In Part 1, I provided an overview of drive-by download (DbD) attacks. Today, I share 5 recommendations for reducing the risk of such attacks when browsing online or opening email links, whether you are a developer, IT professional, or an end user.

Seema Kathuria
Microsoft Cybersecurity
3 min read, May 16, 2019


It takes all of us to mitigate the risk of cyber threats, including drive-by downloads. (Source: Getty Images)

While developers and IT professionals are responsible for developing secure code and maintaining the security of systems and applications, users also need to be savvy enough to navigate technology securely in this connected era. It takes an army — not any single team or person in an organization — to mitigate drive-by downloads and other cyber threats.

5 recommendations for Developers and IT professionals to manage risk from DbD attacks:

  1. Keep the web servers’ operating systems and other software up to date and keep all security patches up to date.
  2. Check out Security Development Lifecycle (SDL) Quick Security Reference Guides (e.g. Microsoft SDL practices) for the latest updates.
  3. Remove all unnecessary services to minimize the attack surface. For instance, do not allow web servers to be used for browsing the Internet or opening emails and email attachments.
  4. Reduce the attack surface of devices from Internet-based events. It is important to reduce the attack surface from apps that could put users' systems at risk. For example, Microsoft Windows Defender Exploit Guard is a set of host intrusion prevention capabilities for Windows 10 that can help to manage and reduce the attack surface of apps used by employees. The network protection feature prevents employees from using any application to access dangerous domains that may host phishing scams, exploits, and other malicious content on the Internet.
  5. Register your website with Bing webmaster tools and Google Webmaster, so that search engines can proactively inform you if they detect something suspicious on your site.
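As an added example (not from the original post and not Microsoft's own documentation), the PowerShell below shows how an administrator would check the network protection setting from recommendation 4, roll it out in audit mode first, then enforce it, and review what it logged. It assumes an elevated session on Windows 10 with the Defender cmdlets available; the function names are mine, while the cmdlets, the setting values and the event IDs are the documented ones.

```powershell
# Added example (not from the original post): manage Windows Defender Exploit Guard
# network protection from an elevated PowerShell session on Windows 10.
# Assumes the Defender module (Get-MpPreference / Set-MpPreference) is present
# and real-time protection is on, which network protection requires.

function Get-NetworkProtectionState {
    # Returns 0 = Disabled (the default), 1 = Enabled (block), 2 = AuditMode
    (Get-MpPreference).EnableNetworkProtection
}

function Set-NetworkProtectionState {
    param(
        [Parameter(Mandatory)]
        [ValidateSet('Disabled', 'AuditMode', 'Enabled')]
        [string]$Mode
    )
    # AuditMode only logs what would have been blocked; use it first to find
    # legitimate sites that would be disrupted, then move to Enabled.
    Set-MpPreference -EnableNetworkProtection $Mode
}

function Get-NetworkProtectionEvents {
    param([int]$Last = 20)
    # Event 1125 = audited (would have been blocked), 1126 = connection blocked.
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Windows Defender/Operational'
        Id      = 1125, 1126
    } -MaxEvents $Last -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

# Typical rollout: confirm the weak (default) setting, audit, then enforce.
$before = Get-NetworkProtectionState
Write-Host "Network protection before: $before (0 = Disabled)"
Set-NetworkProtectionState -Mode AuditMode   # observe first
# After reviewing Get-NetworkProtectionEvents for false positives:
Set-NetworkProtectionState -Mode Enabled
Write-Host "Network protection after: $(Get-NetworkProtectionState) (1 = Enabled)"
Get-NetworkProtectionEvents -Last 5
```

Leaving the setting in AuditMode for a week before switching to Enabled lets you see, from the 1125 events, which business sites would be disrupted.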

Consumers have a role to play too. (Source: Getty Images)

5 tips for consumers and other end users:

1. Keep software up to date. Applying the latest service packs and security updates continues to be an effective practice to protect systems from exploitation. This includes operating system(s), web browsers, productivity suites, applications, and software that might have been pre-installed by manufacturers.

2. Uninstall software and add-ons that aren’t being used or aren’t required. This will reduce the attack surface and simplify the amount of software you need to keep up to date on your systems. Disable unnecessary software that cannot be uninstalled.

3. Adopt newer versions of software. Time and time again, we have seen that attackers are more successful when targeting older platforms, browsers and document parsers. When possible, use the most recent versions of software.

4. Be careful when browsing and communicating online. Be selective about the Web sites you connect to and restrict the sites that corporate assets can connect to. Avoid surfing the Internet while logged onto systems as an Administrator — use accounts that have limited privileges like a standard user account. If you have servers in your environment, avoid surfing the Internet using these systems. This will help protect the directories and data that servers are typically used to store and process. And, be extremely cautious when opening emails, responding to instant messages, and clicking on links.

5. Use security software from a trusted vendor and keep it up to date with the latest definitions. Anti-malware protection helps prevent the download of harmful software. Web browser protection helps identify reported phishing and malware websites and also helps you make informed decisions about downloads. For example, if you are using Microsoft Internet Explorer or Microsoft Edge, turn on SmartScreen.

Whether at work or at home, we all have a role to play in staying alert and mitigating potential cybersecurity threats. What other guidelines can users, IT professionals, and developers follow to avoid becoming the victim of drive-by download attacks?

Thanks for tuning into this series on drive-by download attacks (read Part 1). In case you missed it, check out this two-part series on global malware trends (Part 1 and Part 2). To stay tuned for more data insights from Microsoft’s recent Security Intelligence Report, be sure to follow Microsoft Cybersecurity on Medium.

Seema Kathuria
Microsoft Cybersecurity

Work for Microsoft in Cybersecurity Solutions Group, with 15+ years of experience marketing IT security and robotics technologies. Mother, Bollywood singer :)