The drive-by download attack is one of the most popular methods employed by hackers today. What is it? How can you protect your organization from it? Keep reading to learn!
Malware attacks have remained popular among hackers for a while. They are relatively easy to carry out against small and medium-sized organizations, and they can go unnoticed for a very long time while quietly extracting information from the target. Drive-by cyber attacks are very often used to plant malware (or sometimes ransomware) on the target’s device and/or network. In this article, we will explain what a drive-by cyber attack is and how you can protect your organization.
What is a drive-by download attack?
Also known as drive-by, drive-by cyber attack and drive-by download, this type of cyber attack triggers an unintended download of software from the Internet. Two different definitions are commonly associated with drive-by download:
- Drive-by download refers to a download that the user authorizes without fully understanding the outcome. For instance, the user attempts to download a PDF file from the Internet and clicks on the “Download Now” icon, but instead of a PDF file, they download a malicious and/or unknown application.
- Drive-by download refers to the download process that happens without the knowledge of the user. Often, such download processes result in installing spyware, ransomware, malware or crimeware.
Both definitions refer to the download of malicious software. Depending on the strategy employed by the attackers, the user may or may not be aware that they are downloading something from the Internet, but either way the drive-by download manages to harm them.
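The first definition (a "PDF" download that is really an application) can be checked on the defender's side by comparing what a file claims to be with what its first bytes say it is. The following is an added example, not part of the original article; the function name `check_download`, the extension lists and the sample files are assumptions constructed for illustration.

```python
from pathlib import PurePath

# Leading "magic" bytes of common executable formats.
EXECUTABLE_MAGIC = {
    b"MZ": "Windows PE executable",
    b"\x7fELF": "ELF executable",
    b"\xcf\xfa\xed\xfe": "Mach-O 64-bit executable",
}
# Signatures of the file types a user believes they are downloading.
DOCUMENT_MAGIC = {".pdf": b"%PDF-", ".png": b"\x89PNG\r\n\x1a\n", ".zip": b"PK\x03\x04"}
# Extensions that run code when opened (illustrative, not exhaustive).
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat", ".msi", ".hta"}


def check_download(filename: str, head: bytes, expected_ext: str) -> list[str]:
    """Return findings for one downloaded file; an empty list means nothing was flagged.

    head is the first bytes of the file, expected_ext is what the user meant to get.
    """
    findings = []
    suffixes = [s.lower() for s in PurePath(filename).suffixes]
    final = suffixes[-1] if suffixes else ""
    if final != expected_ext:
        findings.append(f"extension '{final}' is not the expected '{expected_ext}'")
    # "report.pdf.exe": a document extension followed by an executable one.
    if final in RISKY_EXTENSIONS and any(s in DOCUMENT_MAGIC for s in suffixes[:-1]):
        findings.append("double extension hides an executable type")
    for magic, label in EXECUTABLE_MAGIC.items():
        if head.startswith(magic):
            findings.append(f"content is a {label}")
    expected_magic = DOCUMENT_MAGIC.get(expected_ext)
    if expected_magic and not head.startswith(expected_magic):
        findings.append(f"content does not start with the {expected_ext} signature")
    return findings


# Constructed samples: (file name, first bytes of the file, type the user expected).
SAMPLES = [
    ("report.pdf", b"%PDF-1.7\n", ".pdf"),        # genuine PDF
    ("report.pdf.exe", b"MZ\x90\x00", ".pdf"),    # application posing as a PDF
    ("report.pdf", b"MZ\x90\x00", ".pdf"),        # right name, wrong content
]

if __name__ == "__main__":
    for name, head, expected in SAMPLES:
        print(name, "->", check_download(name, head, expected) or "ok")
```

A check like this catches only type mismatches; a well-formed PDF that exploits an unpatched reader passes it, which is why the update advice later in the article still applies.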
How does drive-by download happen?
Drive-by downloads can happen when the user visits a malicious website, clicks on a link, clicks on a button on a web page, clicks on a malicious pop-up or opens a suspicious e-mail attachment. Sometimes, the download window of a drive-by attack looks like an error report from the computer’s operating system, and when the user clicks on approve, they consent to the download of malicious software without being aware of what they are doing. In such cases, the hacker or cyber criminal behind the drive-by attack may claim that the user gave their consent to downloading and installing the software.
The aim of a drive-by attack is to take advantage of a browser, app or operating system that has serious security vulnerabilities caused by either a lack of updates or failed updates. A drive-by attack aims to gain access to your device or network to accomplish one or more of the following:
- Destroy (or “brick”) your device: A drive-by attack can make your device unable to function anymore.
- Wipe your data: A drive-by attack can wipe all of your data or distort it to the point of no return.
- Hijack your device: A drive-by attack can take control of your device, build a botnet or infect your entire network.
- Spy on you: A drive-by attack can spy on your activity, steal your sensitive information like name, address, credit card details or use your webcam to literally watch you.
How to protect yourself and your organization
If you want to avoid drive-by downloads:
- Update your software regularly.
- Install necessary protective software.
- Check your firewall often.
- Don’t click on suspicious links, and don’t open attachments in e-mails from people you don’t know.
- Thoroughly educate your employees. Make sure they know that they shouldn’t visit shady sites, download suspicious files or click on dubious links.
- Install software that blocks malicious websites to prevent your employees from infecting their devices and your network.
- Use strong passwords and two-factor authentication, and change your passwords every 3 months.