One of the biggest mistakes that people make when it comes to Web servers is using a single-layer method of protection against malware and other attacks. Today, threats are extremely complex and sophisticated. In fact, some malware have 50 layers or more, which makes it obvious that the only way to protect a Web server fully is by multi-layered methodology.
Helpful Tips for Protection
Dealing with layer upon layer of threats can be overwhelming, but there are specific things that website administrators and personal users of computers and Android devices can do to beef up protection.
- The most current malware detection should be combined with runtime detection, host instruction prevention, and Web filtering.
- Virtually everything should be patched immediately, starting with the oldest vulnerabilities first.
- On the client, Java should be limited or completely eliminated, since many exploit kits and botnet authors have recently turned their attention in its direction as opposed to PDF and Flash. For that reason, Java has created some serious compromises.
- Attack surfaces should be dramatically reduced. This can be done by removing or avoiding all site plugins deemed unnecessary. For instance, if there are any plugins for WordPress not being used, they should be removed.
- At all times, website credentials need to be protected. Unique passwords should be used and all default administrator passwords reset.
Dangerous Exploit Kits
Today, one of the biggest threats comes from exploit kits, which are responsible for most malware infections reported around the world. The problem is that these kits are distributed from public sources and those underground. In addition, these kits target novice hackers to professional criminals. Enterprise Security created a great document that fully explains exploit kits and provides specific names.
- Blackhole – One of the most notorious of all exploit kits is the Blackhole, which has become the most prevalent threat on the World Wide Web. With this, a malicious payload is delivered to a targeted computer.
- Redkit – This uses specific botnet attributes as a means of controlling Web servers that interact with potentially millions of users. With Web servers operating 24×7, the volume of users is extraordinary.
- Glazunov – This is another dangerous exploit kit responsible for nearly 5.5 percent of all exploit kit detections, which delivers extremely damaging ransomware.
- Flimkit – This up-and-coming exploit kit is gaining more attention as the number of attacks increase in the United States, UK, Germany, Australia, Italy, Thailand, China, France, Singapore, the Netherlands, and others.
- Sibhost – This is a relatively new exploit kit that is believed to come from the same author of Flimkit.
- Java – Again, Java for clients poses risk, so it should be removed. Specific to exploit kits, there are several connected to Java that include Cool, Crime Boss, CritX, Neutrino, Safe Pack, Sakura, Styx, Sweet Orange, and Whitehole.
The list of exploit kits is quite extensive and ever changing. Contagio created an informative document that reveals kits that seem to be fading away, as well as new ones cropping up. Keep in mind that exploit kits are just one method used by hackers to gain access to vital information commonly used for financial gain. Therefore, corporations of all sizes, as well as personal computer users of both PCs and Macs, need the best layered protection possible.