Planned update will provide defense against drive-by downloads
The popular Mozilla Firefox browser is introducing a new feature to protect users against a prolific malicious attack. This feature is designed to shield the browser against “drive-by downloads,” a technique used by third parties to download information without a user’s knowledge or consent. The update is set to release in October.
It’s a powerful step in thwarting against a malware attack that has existed for two decades. Typically, a user visits a compromised website. Executed downloads occur without consent and deliver a malicious payload as a result. From there, the goal is to either have the user run the executable or said executable runs automatically.
The best defense is primarily practicing caution and avoiding compromised web zones. However, this is not always possible, especially with social engineering. Additionally, COVID-19 has increased the frequency of cyberattacks, meaning drive-by downloads are more common. Additionally, drive-by downloads exploit features on browsers, making them harder to detect and prevent.
One of the reasons drive-by downloads have remained so successful is the inability to halt them entirely. Since the method uses legitimate parts of browsers, it isn’t possible to block those sanctioned parts of a browser (otherwise normal use is interfered with). Protections for different browsers have existed for years, though not with a full success rate.
Now, however, new protections have arrived which will thwart drive-by downloads en masse.
How it works
The new protections address “sandboxed iframes,” normally a utility used for loading ads, widgets, videos, and other website media. Rarely used, the feature isn’t common with most websites. Therefore, the goal is to block them as a whole.
Google Chrome introduced this feature in March 2019, fully disabling the ability for iframes to download as of May 2020. Now, Firefox is taking a similar approach.
Firefox 82, set to release in October 2020, will block any download originating from a sandboxed iframe. There are some exceptions to this, but they must meet several security standards before the download is implemented:
- The provider must flag the iframe with an “allow download” tag
- The website must be legitimate and secure
Firefox will continue to add updates to protect against drive-by downloads, but it’s a step in the right direction. Therefore, consider using the browser to protect your business from potential drive-by download attacks.