During the last few weeks there has been a surge in what the industry calls “drive-by attacks”. These attacks have happened recently at Yahoo!, weather.com, DrudgeReport.com and others. They don’t require you as a user to do anything: just visiting an infected webpage is enough, because when a web page loads, all the items on the page are processed. If you think about any site you visit that is sponsored by advertising, you can see this for yourself. The code that makes the Dodge Charger billow smoke from the back wheels or the Geico Gecko say something witty needs to be processed as the page loads, or these ads would be ineffective.
Your browser doesn’t know the difference between these non-malicious ads and one that might load a malicious software program or software designed to encrypt your hard drive. These attacks are especially dangerous because they can show up on very legitimate websites if an attacker can fool an ad company into running one of their infected ads.
The latest trend shows us attackers are doing just that. They are posing as legitimate companies and getting their infected ads placed in a wide variety of places, some of which you or your employees might visit during breaks.
Many practices want to be accommodating and allow employees to visit non-work-related websites, and many more don’t have a policy addressing the issue at all. While I admire this compassion in providers, this is overall bad practice and should not be allowed.
My specific recommendations to combat this current tactic:
- Put a short-term moratorium on all web surfing at the office. (I believe ad companies will soon do a better job of screening.)
- Hold specific training on why you are doing this
- Implement policy on work use of technology
- Work with your technology company to implement effective ad blocking techniques
- Disable Flash if possible
- Keep all antivirus and adware services up to date
- Do a search on “drive by malware attacks” and weather.com, drudgereport.com or yahoo! to arm yourself with information on the current situation.
You can always contact us at HealthPOINT.firstname.lastname@example.org or 605-256-5555 to get your questions on this or any security-related topic answered. Security Services subscribers will get additional information on this situation and other healthcare security-related activity through email security reminders, newsletters and education content.
We hope you will find the information helpful and usable. The Security Services bundled packages came about because of the emphasis on securing Protected Health Information (PHI). HealthPOINT wants to help you meet the standards set by the government and assist you in creating a culture of compliance and security in your organization.