For cybercriminals looking to make money off unsuspecting and unprotected users, the web is a goldmine. There are more than 2.7 billion users on the web each day. And with roughly 700 million websites (a number that grows about 10% per year), there are ample opportunities for the criminals to infect you through compromised websites.
Even people who understand the risks may not know how to protect themselves, because a malware attack can happen in so many ways. We’d like to explain the mechanics behind a web attack, and show you the technologies, tools and tactics you need to stay safe.
In this infographic, we can see the five stages of a web malware attack, from entry to execution. In this example, a user’s web browser is hijacked by a drive-by download and redirected to an exploit kit, which probes the user’s computer and applications for vulnerabilities. Once a vulnerability is found, a malicious payload is downloaded onto the victim computer (infection). Finally, the malware (in this case also called ransomware) attempts to extort money from the victim.
Secure the Web
This kind of attack happens all the time. But you don’t have to be a victim. Download our checklist of technology, tools and tactics for effective web protection (PDF) to find out how you can protect your organization from malware attacks at every step of the way.
Real-time reputation filtering protects you from newly infected websites as soon as they come online. We do this using our ever-growing, cloud-hosted database of malicious sites. Learn more about how we can secure the web for you.
Explaining botnets, exploit kits, Linux and Android malware (Podcast) | Sophos Blog
[…] and Chet go on to describe how your computer might become part of a botnet: infection by drive-by web attacks from exploit kits. Although one of the most notorious exploit kits, called Blackhole, has faded in […]
What’s coming in Sophos UTM Accelerated (9.2): #5 – Advanced Threat Protection (ATP) | Sophos Blog
[…] in place and kept up to date. That means the technology to protect you from viruses, email spam, web and other malware, phishing attacks, etc. Those are still the most common tools used in the initial stages of a […]
What’s new in Sophos UTM Accelerated (9.2): #7 – Safer Web Application Firewall | Sophos Blog
[…] web application firewall (WAF) is a critical defense against the ballooning problem of web-based malware. Hackers are taking over legitimate websites and services at an unprecedented pace to host botnets […]
How do APTs work? The Lifecycle of Advanced Persistent Threats (Infographic) | Sophos Blog
[…] and kept up to date. That means you need the technology to protect you from viruses, email spam, web and other malware, phishing attacks, and more. Those are still the most common tools used in the initial stages of a […]
5 Steps to Harden Defenses Against Web-Based Attacks | PCM News
[…] described by John Zorabedian of Sophos Security, “the web is a goldmine” for attackers looking to take advantage of unsuspecting users. […]
Mark Adam
Pretty awsome.what’s scary is the guy that uses no malware .still gets in