Stop Piracy from Killing Your Network
We all know we really shouldn’t download that new movie, TV show, song or game from a pirate content site before it’s available through official channels – but all too often, curiosity gets the better of us. After all, what’s the worst that could happen? Surely, one or two pirate downloads isn’t going to kill the entertainment industry.
However, a new survey from the US-based Digital Citizens Alliance has shown how downloads from pirate sites could kill your network. It found that visitors to sites hosting pirated films, TV and game content are 28 times more likely to be infected by malware than those who don’t visit them. One in three of these websites is infested with various types of malware, exposing the machines and networks to infection by stealthy bots that harvest login credentials and other sensitive data, or by ransomware that could inflict significant damage and disruption.
Malware is sometimes disguised as an update for a movie player, or it can be delivered using a drive-by download technique which doesn't require any action by the user beyond visiting the site or clicking an advertisement. And because the malware is delivered by a web download, and not by the more usual email delivery route, it can often bypass conventional anti-malware products and even sandboxes. Ransomware campaigns spreading by drive-by downloads have been discovered recently: users landing on the infected websites are having their browsers redirected to a second website from which the ransomware exploit is downloaded to start the infection.
Most educated internet users are aware that accessing pirated content is risky. However, that doesn’t stop vast numbers of people from using such websites: when the first episode of blockbuster TV series Game of Thrones was released in April this year, it had over a million illegal downloads worldwide in just 12 hours. As such, it’s dangerous to assume that corporate resources will never be used to visit websites hosting pirated content.
Protecting against piracy
What can you do to protect your organization against this significant risk? First, you need to get the basics in order. You need to make sure your employees really internalize and understand the risks of visiting websites hosting pirated content. Most have only a vague understanding, and because it’s their responsibility, training on safe internet habits is important: you can't assume people just know.
One draconian option is to implement a strict white-listing policy – that is, only allowing users access to a select number of pre-approved websites. This can have a dramatic impact on overall security – however, it is an impractical option for many businesses and many departments within businesses, which need to access a wide range of websites for their day-to-day work, and don’t have time to wait for the IT department to approve them.
A more effective option is to look at IP address filtering backed by real-time threat intelligence, as delivered through solutions such as Ixia’s ThreatARMOR. ThreatARMOR maintains a list of infected, hijacked and unregistered IP addresses which are known to harbor malware, botnets and other malicious content. It is constantly updated by our ATI Research Center. Traffic from these ‘known bad’ addresses is then automatically blocked from entering the network at all – so even if a user visits the pirate content site by accident, it cannot deliver a drive-by download attack to initiate an infection.
ThreatARMOR even protects organizations against Zero Day Mutations, which are new malware variants developed to evade detection by signature-based antivirus and IPS systems. Even though the malware is new, the IP address harboring it is known to be malicious, and so the traffic is filtered. As it is difficult for criminals to procure a brand-new IP address for their purposes, they tend to use the same addresses repeatedly – making this method highly effective in blocking attacks that would be undetected by conventional methods.
ThreatARMOR is also able to filter and block communications leaving your network that are intended for known malicious IP addresses. This means that even if there are existing bot-infected machines within your organization that could be exploited to download ransomware, the gateway prevents those bots from connecting with their command and control centers on the Internet, further reducing your exposure to risk.
If you want to maintain flexibility but stay protected, ThreatARMOR is a much more employee-friendly solution. Contact Ixia for a demonstration.