What is a Trusted Device?
Last week, I explained what a Trusted User is, and how you can verify the identity of your users at login. That’s the first step toward Trusted Access. The second step is to ensure the security health of their devices before they access your applications and data. But why?
Attackers often exploit flaws found in old versions of operating systems, browsers and plugins like Flash and Java to gain access to and control of your devices and systems.
Attacks Targeting Devices: Exploit Kits
Attackers may use exploit kits, that is, bundles of malicious code used to download malware onto your users’ computers. These are conveniently packaged and sold as malicious software as a service to attackers who may not be able, or may not need, to code their own exploits.
Spam Emails
How do these exploit kits work? One way is to send spam to your users, while disguising a link in the email body. Once clicked, a user may be redirected to a malicious website that is hosting the exploit kit. The kit will check their computer for what version of Flash they’re running, then download malware onto their system if their computer is susceptible to the Flash vulnerability included in the kit.
This is known as ‘fingerprinting’ their machine. The landing page can use code to identify a user’s OS, browser and browser version, Flash version, Java version and more. The exploit kit can use this information to load a relevant component in order to successfully infect or compromise their machine, according to Sophos.
Drive-By Downloads
Another way these exploit kits can launch is via a simple drive-by download attack. This type of attack can infect a user who visits a compromised website. Attackers can inject malicious code (usually JavaScript) into legitimate websites that will redirect visitors to the exploit kit.
This type of attack targeted the users of several university websites and online publications like Spin.com and Popular Science, as well as developer websites like jQuery.com, where it targeted IT system administrators and web developers. In each case, attackers injected malicious iframe code into the websites.
Similarly, JPMorgan Chase’s customers were hit by the same type of attack in the ‘Smash & Grab’ phishing email campaign a few years ago. These emails asked users to submit their credentials and also redirected them to a RIG exploit kit, which checked their computer before exploiting old vulnerabilities found in Internet Explorer, Adobe Silverlight and Flash, and Java.
Protecting Against Malware Infection
The types of malware installed by exploit kits and via other attack paths include Trojans like Dyre, whose keylogging components can steal all types of sensitive data, including user credentials to banking sites.
By targeting a device running out-of-date software, an attacker can nab the keys to the kingdom and log into your applications with legitimate credentials. Ransomware is another type of malware that can be installed on systems via out-of-date software on users’ devices, and has been increasingly targeting hospitals and universities.
Ensuring Trusted Devices and Endpoints
Protecting against malware infection starts with getting insight into the software of the devices authenticating into your environment. With a holistic security solution, you can get detailed data on these devices, including the operating system platform, browser versions, and plugin versions, including Flash and Java.
Duo’s Trusted Access solution checks your users’ endpoints before they access your applications, allowing administrators to create access controls and policies around the minimum versions needed to grant them access, or the security features (passcodes, screen lock, etc.) required on their devices.
Admins can effectively block devices or warn and notify users to update their devices before they’re granted access to certain applications - further reducing the risk of a malware infection via exploit kits or any other means that leverage vulnerabilities of unpatched systems.
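The minimum-version policy described above can be sketched as a small evaluator that compares a device's reported software against per-component minimums and returns allow, warn or block. This is an added example, not Duo's code or API; the policy format, component names and version numbers are constructed assumptions.

```python
# Added illustration: hypothetical policy format, not Duo's product or API.
import re

# Constructed sample policy: minimum version per component, and the action
# an administrator chose for devices that fall below it.
POLICY = {
    "os:windows":     {"min": "10.0",    "action": "block"},
    "browser:chrome": {"min": "50.0.20", "action": "warn"},
    "plugin:flash":   {"min": "21.0.0.5", "action": "block"},
    "plugin:java":    {"min": "8.0.90",  "action": "warn"},
}
SEVERITY = {"allow": 0, "warn": 1, "block": 2}

def parse_version(text):
    """Turn '21.0.0.5' into (21, 0, 0, 5); return None if no digits are found."""
    parts = re.findall(r"\d+", text or "")
    return tuple(int(p) for p in parts) if parts else None

def is_older(found, minimum):
    """Numeric comparison, zero-padded so '10' equals '10.0' and 9.x < 10.x."""
    width = max(len(found), len(minimum))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(found) < pad(minimum)

def evaluate(device):
    """Return (decision, findings) for a device's reported software inventory."""
    decision, findings = "allow", []
    for component, reported in sorted(device.items()):
        rule = POLICY.get(component)
        if rule is None:
            continue  # component is not governed by this policy
        found = parse_version(reported)
        if found is None:
            # Installed but version unreadable: apply the rule's action
            # instead of assuming the component is current.
            outcome, reason = rule["action"], "version unreadable"
        elif is_older(found, parse_version(rule["min"])):
            outcome, reason = rule["action"], f"{reported} < {rule['min']}"
        else:
            continue
        findings.append((component, outcome, reason))
        if SEVERITY[outcome] > SEVERITY[decision]:
            decision = outcome  # the most severe finding decides access
    return decision, findings
```

A component that is absent from the device inventory (for example, no Flash installed) is simply not evaluated, while one that is present with an unreadable version is treated as out of date.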
Learn more by downloading the 2016 Duo Trusted Access Report - in this report, you’ll get:
- A breakdown of how many Mac, Windows and other users and devices are running outdated, unsupported browsers, operating systems, Java and Flash
- The types of known vulnerabilities your users and company are susceptible to
- Duo’s security hygiene recommendations to secure your devices, users, apps and data
- A real-life breach scenario and how a Trusted Access solution can prevent a breach
We analyzed our extensive dataset of more than 2 million devices used by customers in every industry and size, ranging from small startups to Fortune 500 enterprises, to give you top-level insight into what’s secure and what’s not. Download it today.