Reports circulated last week regarding a malvertising attack that may have impacted millions of users of the Plenty of Fish (pof.com) online dating site. According to Malwarebytes, one of the ad networks that use pof.com was used as a key link in an attack chain that ultimately infected visitors' devices with the Tinba banking Trojan.
Same Old Same Old
There was nothing especially interesting about this attack, nor was there anything novel in the recommendations being made in its wake: patch your systems, keep your antivirus updated, etc. Of course, if everyone actually did keep their systems patched and their AV updated we might see far fewer of these types of attacks, because they wouldn't yield much for attackers. But that's clearly not the case, and thus the economics of such attacks still favor the bad guys. Even worse, keeping systems patched and AV updated doesn't protect against zero-day attacks, and given the rate at which new zero-days are being introduced, it would seem that creating and using them is a very good business indeed.
There's an often-used quote defining insanity as doing the same thing over and over again and expecting different results. The quote seems apt as a comment on the current approach to preventing malware attacks. We can't find vulnerabilities, patch systems and identify new attacks faster than attackers. And yet we continue to try, as if there's nothing else we can do - except, perhaps, disconnect from the Internet.
Disconnect from the Internet? Surely that's a mad statement if ever there was one. And yet, it's often tossed out with a roll of the eyes and shrug of the shoulders as the only definitive way to avoid attacks. But perhaps in the madness there's also a method.
With isolation, there is a way to eliminate the threat of Web-borne malware attacks. It doesn't rely on the ability to detect attacks - zero-day or otherwise - and it doesn't require that users' operating systems and browsers remain patched and up-to-date. Isolation security starts from the simple premise that attacks are undetectable, and therefore no content from the Web should ever reach a user's device. With breakthroughs in virtualization, cloud and remote rendering technologies, it is now possible to eliminate all malware delivered via the Web - including malvertising.