Drive-by Download Hacks – a Crisis Management Risk

Were you aware of this sneaky way your system can be infected?

Rarely a week goes by now that we don’t hear of a new cyber attack as hackers’ approaches become more bold and sophisticated.

Early this month, a U.S. Department of Labor page that shares information on toxic substances at facilities around the U.S. was infected by hackers in what is known as a “drive-by download” attack. Here are the details, from a PCWorld article by Jeremy Kirk:

When someone was redirected to an infected page, a script surveyed the computer to figure out what versions of software such as Microsoft Office, Adobe Systems’ Reader, Java or various antivirus programs it is running, wrote Jamie Blasco, director of AlienVault’s Labs.

The attack code then tries to exploit a vulnerability in older versions of Internet Explorer, wrote Anup Ghosh, founder and CEO of Invincea. The vulnerability, CVE-2012-4792, has been patched by Microsoft.

Those running the vulnerable browser didn’t even need to click or accept anything, merely visiting the site would be enough to grant the attackers access to their systems.

Exploits of older versions are just one of the reason regular software updates should be part of your crisis management process for cyber attack prevention. For more tips on protecting yourself, check out our recent post, The Three P’s of Cyber-Survival.

——————————-
For more resources, see the Free Management Library topic: Crisis Management
——————————-

[Jonathan Bernstein is president of Bernstein Crisis Management, Inc., an international crisis management consultancy, author of Manager’s Guide to Crisis Management and Keeping the Wolves at Bay – Media Training. Erik Bernstein is Social Media Manager for the firm, and also editor of its newsletter, Crisis Manager]