Risk and Crisis Management: Drive-by Download Hacks

Sections of this topic

    Drive-by Download Hacks: Risk and Crisis Management

    Were you aware of this sneaky way your system can be infected?

    Rarely a week goes by now that we don’t hear of a new cyber attack as hackers’ approaches become bolder and more sophisticated.

    Early this month, a U.S. Department of Labor page that shares information on toxic substances at facilities around the U.S. was infected by hackers in what is known as a “drive-by download” attack. Here are the details, from a PCWorld article by Jeremy Kirk:

    When someone was redirected to an infected page, a script surveyed the computer to figure out what versions of software such as Microsoft Office, Adobe Systems’ Reader, Java or various antivirus programs it is running, wrote Jamie Blasco, director of AlienVault’s Labs.

    The attack code then tries to exploit a vulnerability in older versions of Internet Explorer, wrote Anup Ghosh, founder and CEO of Invincea. The vulnerability, CVE-2012-4792, has been patched by Microsoft.

    Those running the vulnerable browser didn’t even need to click or accept anything, merely visiting the site would be enough to grant the attackers access to their systems. May give you risk and crisis management in your organization.

    Exploits of older versions are just one of the reasons regular software updates should be part of your risk crisis management process for cyber attack prevention. For more tips on protecting yourself, check out our recent post, The Three P’s of Cyber-Survival.

    For more resources, see the Free Management Library topic: Crisis Management

    [Jonathan Bernstein is president of Bernstein Crisis Management, Inc., an international crisis management consultancy, and author of Manager’s Guide to Crisis Management and Keeping the Wolves at Bay – Media Training. Erik Bernstein is Social Media Manager for the firm, and also the editor of its newsletter, Crisis Manager]