Many may have read about the growing threat via malvertising and ransomware which over the last few days has affected users of high traffic sites such as AOL.com, MSN.com, BBC.co.uk, Zerohedge.com, NYTimes.com and so on. For more information and updates, read The Register article. Also, do your own research as to how this can affect you - these threats are not going to go away and you need a secure browser to surf safely.
This post will not go into the contentious issues of ad blockers and the online ad industry, nor who it is to blame or responsible in this instance for malicious adverts being shown to you. It is simply to offer some advice about surfing safely, especially when threats such as this are doing the rounds.
Firstly, you need to understand that the reason this is affecting millions is because most browsers do not provide sufficient security out of the box to protect you. You need to take your own steps for your own security against the growing range of cybercrimes.
Different browsers offer differing levels of protection, so choose your browser wisely. Internet Explorer, which comes as the default browser for many, is the most vulnerable because of the number of unprotected and naive users a malicious attack is likely to affect. If you insist on using IE, then secure it. Chrome, Firefox and Opera all include various levels of protection against malicious websites, scripts and so on, but on their own are still insufficient to offer the level of security required in 2016, particularly as the nature of the threats changes daily.
Here are our suggestions for securing your browser and trying to de-risk your vulnerabilities against malvertising when surfing. If you have further advice, please do not hesitate to add it to the comments.
Steps to Secure your Browser
To discover how to carry out each step, we suggest you use a search engine such as StartPage or DuckDuckGo as this will keep this post short! Check recent online reviews and news for any plug ins etc before you install ANYTHING. This is your machine/device you are putting software etc on to and you need to know it is not going to cause further problems for you.
- BACK UP YOUR DATA! NOW!! On to a different (preferably offline) device, the cloud, CDs, dongles, etc.
- Turn off Flash. Completely. Or at least disable it. Most websites do not need it any longer and it is a dreadfully vulnerable bunch of code.
- Uninstall Microsoft Silverlight. A vulnerability within Silverlight is part of the exploit kit.
- Install an ad blocker. Whatever your feelings as a business person about the need for websites to make money through displaying advertising, right now it is adverts causing the problems! We can come back to the discussion about the online advertising industry another day. The most well known ad blockers are Privacy Badger from EFF, AdBlock Plus and open source Ublock Origin and Ublock (a fork of Ublock). There are many others so take your pick, but you need ONE!
- Run MalwareBytes, regularly.
- Make sure your anti virus is updated (although for malvertising this is not the solution, it should be part of your regular PC housekeeping)
- Seriously consider encrypting your critical data and files because these types of attacks are becoming far too frequent.
Other possibles include installing Linux or using a Mac (although there are now successful attacks on both of those OS too), running Noscript or equivalent, use Ghostery (you may get conflicts if you install too many plug ins of this type so double check; more may mean less protection), learning about the role of host files, etc.
All of the above and more will feature in a new ebook to be published shortly. If you would like a free copy, please sign up to the newsletter.
Stay safe out there!