
Ever stumbled upon a website and felt a little…off? You may have been targeted by a drive-by download.

This sneaky cyber attack is able to download malicious code to your devices when you simply visit a compromised website.

Drive by downloads exploit vulnerabilities lurking within web browsers, their plugins, and even the operating system itself.

But what exactly is a drive-by download, how does it work and, most importantly, how can you prevent being targeted by one? We’ve got you covered with this comprehensive guide.

What Is A Drive By Download?

A drive-by download is a type of cyber attack in which malware is downloaded onto a user's device without the user intending it, simply because the user visited a compromised site.

Hackers will exploit security flaws in web browsers, browser plugins and operating systems. When the compromised site is chosen because a specific group is known to visit it, this is also known as a watering hole attack.

They can also compromise advertising networks and embed malicious code within advertisements (this is known as malvertising). These infected ads can then be displayed across many different websites.

When you visit an infected website, the malicious code is embedded within the site's content itself or in an advert. Simply loading the page or viewing the ad is enough to trigger the attack. Victims do not need to approve a download; no click is required.

The malicious code then silently scans your system for known security vulnerabilities. If it finds any, it deploys an exploit kit to take advantage of the weakness.

An exploit kit is a sophisticated software toolkit used by cybercriminals to automate the process of exploiting software vulnerabilities and delivering malware to unsuspecting users.

Once a vulnerability is successfully exploited, the kit delivers a payload, which is the actual malicious software (malware) the attacker wants to install.
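The injected content described above usually shows up in the served HTML as a hidden iframe pointing at the exploit kit's landing page, or as an inline script that hides its real behaviour behind encoding and `eval`. The scanner below is an added example written for this article (not the article's own code or a vendor tool) that a site owner or responder can run over a page's HTML to flag those two indicators; the sample page, the `203.0.113.7` address and the encoded script body are constructed for the demonstration, and the regular expressions are heuristics that will miss injections using other tricks.

```python
import re
from html.parser import HTMLParser

# Constructed sample page: an ordinary shop page into which a zero-size iframe
# and an eval/unescape-obfuscated inline script have been inserted. The encoded
# string decodes to the harmless text "document.write"; the IP is a documentation
# address (RFC 5737), not a real host.
SAMPLE_HTML = """
<html><head><title>Shop</title>
<script src="https://cdn.example.com/app.js"></script>
</head><body>
<h1>Welcome</h1>
<iframe src="http://ads.example.net/banner" width="300" height="250"></iframe>
<iframe src="http://203.0.113.7/load.php" width="0" height="0" style="visibility:hidden"></iframe>
<script>var a="%41%42";eval(unescape("%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65"));</script>
</body></html>
"""

# Heuristics: an iframe that cannot be seen, and a script that both calls a
# decoding/eval primitive and carries a long run of %xx-encoded bytes.
HIDDEN_STYLE = re.compile(r"(display\s*:\s*none|visibility\s*:\s*hidden)", re.I)
OBFUSCATION = re.compile(r"\b(eval|unescape|fromCharCode|atob)\s*\(", re.I)
HEX_RUN = re.compile(r"(%[0-9a-f]{2}){8,}", re.I)


class DriveByScanner(HTMLParser):
    """Collects (finding_type, detail) tuples while parsing one HTML document."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_script = False
        self._script_buf = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "iframe":
            zero = {"0", "0px"}
            hidden = (HIDDEN_STYLE.search(a.get("style", ""))
                      or a.get("width", "") in zero
                      or a.get("height", "") in zero)
            if hidden:
                self.findings.append(("hidden-iframe", a.get("src", "")))
        elif tag == "script":
            self._in_script = True
            self._script_buf = []

    def handle_data(self, data):
        # HTMLParser hands script bodies to handle_data as raw text.
        if self._in_script:
            self._script_buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self._in_script = False
            body = "".join(self._script_buf)
            if OBFUSCATION.search(body) and HEX_RUN.search(body):
                self.findings.append(("obfuscated-script", body[:60]))


def scan_html(html):
    """Return the list of suspicious elements found in an HTML string."""
    parser = DriveByScanner()
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for kind, detail in scan_html(SAMPLE_HTML):
        print(f"{kind}: {detail}")
```

Run against the sample page it reports the zero-size iframe and the obfuscated script, and nothing for the visible 300x250 ad frame or the externally sourced `app.js`. In practice the same function can be pointed at pages fetched from your own site on a schedule, so that an injection is noticed before visitors are.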

There are two main categories of drive-by download. Unauthorised or “passive” attacks require no user interaction beyond visiting the infected page; the malware is downloaded automatically through the exploited vulnerability.

Authorized or “active” attacks involve tricking the user into initiating the download. This is done through deceptive pop-ups, fake software updates, or malicious links disguised as legitimate content. The user might click "close" on a fake pop-up, thinking they are dismissing it, but instead trigger a download.

How to Prevent Drive By Download Attacks?

The unauthorised nature of some drive-by download attacks makes them especially frightening. However, there are steps you can take to reduce the attack surface of your organization and the individuals that run it.

Make sure to keep software up to date. This means installing patches when you are prompted to and not ignoring important update popups. Security updates often patch the very vulnerabilities that attackers exploit.

A good security program can detect and block malicious code before it can be downloaded and installed, so ensure that you keep your antivirus software up to date.

Implementing preventative measures at both the organizational and individual levels will significantly reduce the risk of drive-by download attacks.