What Are Trusted Devices?
Previously, I explained what a Trusted User is, and how you can verify the identity of your users at login. That’s the first step toward Trusted Access. The second step is to ensure the security health of their devices before they access your applications and data. But why? Software vulnerabilities often leverage flaws found in old versions of operating systems, browsers and plugins like Flash and Java to allow attackers access to and control of your devices and systems. It's important to remember multi-factor authentication (MFA) on trusted devices can stop a lot of these attacks from happening in the first place.
What is a trusted device?
Trusted devices, such as laptops, smartphones, tablets, or computers, have been verified as belonging to a legitimate user. A trusted devices list simply refers to all the devices that have been registered, verified, or authenticated as trusted to access any specific systems, resources, or data. Users can verify any devices they connect to corporate applications with—but companies can limit the number of devices per user for two-factor authentication (2FA).
What happens when you don’t trust a computer or device?
Untrusted devices like computers or smartphones can be an easy target for breaches. Attackers may use exploit kits, that is, bundles of malicious code used to download malware on your user's computer. These are conveniently packaged and sold as malicious software as a service to attackers that may not be able to, or need to, code their own exploits. Remember, without multi-factor authentication on a trusted device, devices and endpoints lie unprotected and at heavy risk of exploit.
How do exploit kits work?
Spam Emails
How do these exploit kits work? One way is to send spam to your users, while disguising a link in the email body. Once clicked, a user may be redirected to a malicious website that is hosting the exploit kit. The kit will check their computer for what version of Flash they’re running, then download malware onto their system if their computer is susceptible to the Flash vulnerability included in the kit.
This is known as ‘fingerprinting’ their machine. The landing page can use code to identify a user’s OS, browser and browser version, Flash version, Java version and more. The exploit kit can use this information to load a relevant component to successfully infect or compromise their machine, according to Sophos.
Drive-By Downloads
Another way these exploit kits can launch is via a simple drive-by download attack. This type of attack can infect a device when a user visits a compromised website. Attackers can inject malicious code (usually Javascript) into legitimate websites that will redirect visitors to the exploit kit.
This type of attack targeted the users of several university websites and online publications like Spin.com and Popular Science, as well as developer websites like jQuery.com that targeted IT system administrators and web developers, by injecting malicious code of an iframe into their websites.
Similarly, JPMorgan Chase’s customers were hit by the same type of attack in the ‘Smash & Grab’ phishing email campaign a few years ago. These emails asked users to submit their credentials as well as redirected them to a RIG exploit kit that checked their computer before exploiting old vulnerabilities found in Internet Explorer, Adobe Silverlight and Flash, and Java.
Malware Infection
The type of malware that is installed by exploit kits and via other attack paths include Trojans like Dyre with keylogging components that can steal all types of sensitive data, including user credentials to banking sites.
By targeting a device running out-of-date software, an attacker can nab the keys to the kingdom and log into your applications with legitimate credentials. Ransomware is another type of malware that can be installed on systems via out-of-date software on users’ devices, and has been increasingly targeting hospitals and universities.
Protect your endpoints with Trusted Device Security
Protecting against malware infection starts with getting insight into the software of the devices authenticating into your environment. With a comprehensive security solution, you can get detailed data on these devices, including the operating system platform, browser versions, and plugin versions, including Flash and Java.
Duo’s Trusted Access solution checks your users’ endpoints before they access your applications, allowing administrators to create access controls and policies around the minimum versions needed to grant them access, or the security features (passcodes, screen lock, etc.) required on their 2FA trusted device.
Admins can effectively block devices or warn and notify users to update their devices before they’re granted access to certain applications - further reducing the risk of a malware infection via exploit kits or any other means that leverage vulnerabilities of unpatched systems.
Learn more by downloading the 2022 Duo Trusted Access Report - in this report, you’ll:
Explore how hybrid work changed the landscape of cybersecurity workflows
Find out how companies are using device trust to gain visibility across their network
Learn from real-world experiences of industries implementing device trust
See how enterprises evolved in the face of global digital conflict
We analyzed our extensive dataset of more than 2 million devices used by customers in every industry and size, ranging from small startups to Fortune 500 enterprises, to give you top-level insight into how companies responded to urgent global challenges—and how some may have missed the mark. Download your free copy today.