Inexperienced Internet users may not even realize that during regular browsing they can encounter exploits hidden on some websites. This malware exploits one or more potential vulnerabilities when viewing web pages or documents. More sophisticated threats of this kind initially scan visitors’ devices for vulnerable software versions and target only those.
Thus, the attackers manage to achieve their ultimate goal – to download malicious software onto the computer. And they succeed if a multi-layered antivirus solution is not installed on the PC, which could prevent the infection.
What are the dangers of websites?
Vector of infection by exploits – malicious websites
Exploit kits are often hosted on compromised or malicious websites, as well as in advertisements. Scanning a device for vulnerabilities usually occurs without the user’s knowledge through special malicious code during a website visit. In addition, hackers often use current news or topics to lure more victims to malicious websites.
Recently, ESET researchers discovered several malicious resources that used the term “coronavirus” as part of their domain name, such as coronavirusstatus[.]space. It is worth noting that ESET solution users are protected from such resources.
At the same time, the victims themselves often give exploits the opportunity to infect devices by not timely updating versions of web browsers and plugins, Adobe Flash, Adobe Reader, Java, and Microsoft Office.
Minimize the likelihood of an attack.
To minimize the likelihood of attacks in browsers, including providing faster vulnerability fixes and discontinuing the use of problematic client software components, manufacturers are taking a number of measures.
In particular, after Adobe announced the end-of-life date for Flash Player, namely December 31, 2020, Google, Mozilla, and Microsoft initiated a multi-year plan to discontinue support for Flash in their browsers. Thus, the issue of protection against exploits that have used a number of vulnerabilities found in this legitimate software over the years is being resolved.
For example, vulnerabilities in some old versions of Adobe Flash, as well as Internet Explorer, are still often exploited in malicious campaigns by attackers. In particular, vulnerabilities such as CVE-2018-15982, CVE-2018-4878 (Adobe Flash), and CVE-2018-8174 pose a danger. (Internet Explorer).
Website security for visitors starts with updates
Due to the presence of numerous vulnerabilities, users must ensure timely updates of their own systems and software. It is also important to ensure that your security solution includes protection against exploit-type threats. It is worth noting that all ESET home and corporate products for Windows include an Exploit Protection module that monitors suspicious activity from such threats.
If the Exploit Protection module detects a suspicious process, it can immediately stop it. The advantage of having such a module is that it protects against exploit-like behavior, even if your computer has a certain vulnerability.
Add a Comment